Dogpile Being Redirected When "Forum" Is Typed.



#1
smittyd

  • Member
  • 148 posts

Hello!  I have Windows 7 Home Premium.  I use Firefox.  I use Dogpile as my browser.  When, and only when, I type "forum", doesn't matter if it's in a sentence or single word, into Dogpile, I get redirected to this:  http://omblockedips.com/. And says: "To continue, please respond below:  I am not a robot."  I went to Uninstall to try and find this program but it's not there.  I ran Malwarebytes and a registry cleaner.  But, again, it keeps doing this only when "forum" is in the search box.  Any suggestions?  Thanks!




#2
RKinner

    Malware Expert

  • Expert
  • 24,623 posts
  • MVP

  • Get FRST from http://www.bleepingc...very-scan-tool/ You need to download the appropriate tool for your PC.  If you don't know if you have a 32 or 64 bit system get them both.  Only one will work and that's the right one.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Check the Addition.txt box
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here.
  • It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


Smart Screen, Windows Defender and Avast have all been blocking FRST recently.  It's a false positive so pause your antivirus when downloading or running FRST.  If you get a message saying Smart Screen has blocked it you can click on More Info and you will see an option to Run Anyway.


 



#3
smittyd

  • Topic Starter
  • Member
  • 148 posts

 



 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-12-2020
Ran by Owner (administrator) on OWNER-PC (Dell Inc. Inspiron 660) (04-01-2021 09:10:51)
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Atheros) [File not signed] C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(AVG Technologies USA, LLC -> AVG Technologies) C:\Program Files (x86)\AVG\Browser\Update\1.8.1066.0\AVGBrowserCrashHandler.exe
(AVG Technologies USA, LLC -> AVG Technologies) C:\Program Files (x86)\AVG\Browser\Update\1.8.1066.0\AVGBrowserCrashHandler64.exe
(Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\caudiofilteragent64.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\SmartAudio3.exe
(Genie9) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GenieTimeLineAgent.exe
(Intel Corporation - Mobile Wireless Group -> Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel Corporation - Mobile Wireless Group -> Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation - Mobile Wireless Group -> Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel® Upgrade Service -> Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\CSP\3.8.106.0\McCSPServiceHost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe <2>
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\MSGSDK\msgrunner.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\Platform\CommonBuild\McCBEntAndInstru.exe <5>
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe <6>
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\VSCore_20_6\mcapexe.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MQS\QcShm.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <7>
(Nero AG -> Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Safer Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Users\Owner\Documents\Anti Spyware\SUPERAntiSpyware\SASCORE64.EXE
(Surfshark Ltd. -> Surfshark) C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe <2>
(Surfshark Ltd. -> Surfshark) C:\Program Files (x86)\Surfshark\Surfshark.exe
(Surfshark Ltd. -> Surfshark) C:\Program Files (x86)\Surfshark\Surfshark.Service.exe
(Surfshark Ltd. -> Surfshark) C:\Program Files (x86)\Surfshark\Surfshark.ShadowsocksService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [564352 2011-12-14] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SA3\SACpl.exe [1628288 2011-09-08] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11406608 2011-12-19] (Intel Corporation - Mobile Wireless Group -> Intel Corporation)
HKLM\...\Run: [WSVCUUpdateHelper.exe] => C:\Program Files\Wondershare\Wondershare UniConverter\WSVCUUpdateHelper.exe [34744 2020-12-23] (Wondershare Technology Co.,Ltd -> )
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-17] (Intel Corporation -> Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation -> Intel Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer Networking Ltd. -> Safer-Networking Ltd.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133216 2017-03-23] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [638352 2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [407440 2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
HKU\S-1-5-21-2192775400-2880640462-1298197252-1000\...\Run: [Surfshark] => C:\Program Files (x86)\Surfshark\Surfshark.exe [4362704 2020-11-27] (Surfshark Ltd. -> Surfshark)
HKU\S-1-5-21-2192775400-2880640462-1298197252-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32414392 2020-12-08] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2192775400-2880640462-1298197252-1000\...\MountPoints2: {24670f47-71b5-11e3-bcac-806e6f6e6963} - D:\autoRcd.exe
HKU\S-1-5-18\...\Run: [] => [X]
HKLM\...\Print\Monitors\HP 5912 Status Monitor: C:\Windows\system32\hpinksts5912LM.dll [331664 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP Officejet Pro 8600): C:\Windows\system32\HPDiscoPM5912.dll [741480 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.88\Installer\chrmstp.exe [2020-12-03] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{48F69C39-1356-4A7B-A899-70E3539D4982}] -> C:\Program Files (x86)\AVG\Browser\Application\86.1.6937.200\Installer\chrmstp.exe [2020-11-23] (AVG Technologies USA, LLC -> AVG Technologies)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UPS Thermal Printing.lnk [2019-02-05]
ShortcutTarget: UPS Thermal Printing.lnk -> C:\Program Files (x86)\UPS\Thermal Printing\UPSISJavaStarter.exe (United Parcel Service) [File not signed]
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2019-05-03]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E313519-F2CD-4E9F-9C27-8B8DF7B05A89} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2020-12-08] (Adobe Inc. -> Adobe)
Task: {1CB800FF-C5CA-4410-AC31-5CDF123022AD} - System32\Tasks\AVGUpdateTaskMachineCore => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [201984 2020-10-26] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {1D77A071-171F-4554-94D3-D851C2AD0927} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-09-16] (Google Inc -> Google Inc.)
Task: {1FD67AC7-010B-4D16-9F09-E6EB9574DDFB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {23C624EA-F7F3-489E-96B9-E9F4A5CAA68D} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4603200 2020-08-16] (McAfee, LLC -> McAfee, LLC)
Task: {28128529-D51E-4E11-BA53-3B77456B5BA0} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [4119656 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
Task: {3723055B-0082-4A0D-8672-C903A2576968} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [3885120 2013-09-20] (Safer Networking Ltd. -> Safer-Networking Ltd.)
Task: {4EBBE1C6-1081-404A-A982-103F922B3188} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [569416 2016-02-23] (Apple Inc. -> Apple Inc.)
Task: {57B7B3A5-3EE4-4A36-9D44-55A178863607} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {6572046D-7C15-49B9-9023-7FE67C2EC48A} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-12-08] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {80186C99-1F21-4737-B40B-E9783EDBC0D3} - System32\Tasks\AVG Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe [1929816 2020-11-12] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {8AB4A04B-04E3-4720-9D27-5977A245BB0A} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1773192 2020-09-17] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {A00DD7D3-D4D4-4835-9071-FC40B439ED0D} - System32\Tasks\{25A0616E-6AFD-4655-8902-D17F2E0763DC} => C:\Windows\system32\pcalua.exe -a "C:\Users\Owner\Desktop\Backup\Users\Owner\Documents\Games\My Documents\frostwire-4.18.1.windows.exe"
Task: {BB6C6411-A7E0-43CF-8622-02D62F2E9833} - System32\Tasks\AVGUpdateTaskMachineUA => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [201984 2020-10-26] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {BE669FC4-2E88-4F73-B670-0B1B11F76A3F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
Task: {BE72AD84-3340-40CA-8174-F4F128E3A6E0} - System32\Tasks\AVG Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe [1929816 2020-11-12] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {CEA26841-0391-48F0-9456-830FCA796D09} - System32\Tasks\McAfee\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.11.630\mcdatrep.exe [1888160 2020-09-24] (McAfee, Inc. -> McAfee, LLC.)
Task: {D5326979-D4EE-422B-80DF-8989AF84DC08} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1090800 2020-08-14] (McAfee, LLC -> McAfee, LLC)
Task: {DA331BD8-52A3-4245-A098-0E5DE31D8834} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [764640 2020-06-09] (McAfee, LLC -> McAfee, LLC)
Task: {E1881029-EB60-4BC6-9CE0-3A957CA1A2EB} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [693456 2020-12-22] (Mozilla Corporation -> Mozilla Foundation)
Task: {E2ECD4C7-820A-40F7-9DF1-84660267BAD9} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.5.126\DADUpdater.exe [4000984 2020-11-04] (McAfee, LLC -> McAfee, LLC)
Task: {E7FCE166-5458-4C4F-855D-434660F78491} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [26896568 2020-12-08] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {E8C95506-73C5-4FE3-BAA7-35013A4E7F99} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [3907304 2013-09-20] (Safer Networking Ltd. -> Safer-Networking Ltd.)
Task: {F24F8409-386A-4C74-94B7-AF6AA42F8C6E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [3633312 2013-09-20] (Safer Networking Ltd. -> Safer-Networking Ltd.)
Task: {F7EB52B0-1D8F-4ACB-94AF-95919173892F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-09-16] (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => 127.0.0.1:1080
Hosts: 127.0.0.1    localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9177BD24-158B-4F5A-850A-E78230A70809}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{F6C593FC-DE1F-428A-8525-EA6E831D2CED}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF DefaultProfile: 06wnhiu5.default-1504139140416
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\06wnhiu5.default-1504139140416 [2021-01-04]
FF Homepage: Mozilla\Firefox\Profiles\06wnhiu5.default-1504139140416 -> hxxps://www.dogpile.com/
FF Extension: (AdBlocker Ultimate) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\06wnhiu5.default-1504139140416\Extensions\[email protected] [2020-12-07]
FF Extension: (NoScript) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\06wnhiu5.default-1504139140416\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2020-12-23]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\06wnhiu5.default-1504139140416\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2020-12-15]
FF Extension: (Greasemonkey) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\06wnhiu5.default-1504139140416\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2020-10-04]
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\06wnhiu5.default-1504139140416\searchplugins\bing-lavasoft-ff59.xml [2018-05-27]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSKHKLM => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Fiddler2\FiddlerHook
FF Extension: (FiddlerHook) - C:\Program Files (x86)\Fiddler2\FiddlerHook [2015-04-03] [Legacy] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2020-10-20] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> )
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll [2020-08-21] (McAfee, LLC -> )
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> )
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.8\\npsitesafety.dll [No File]
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-01] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-01] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\MSC\npMcSnFFPl.dll [2020-08-21] (McAfee, LLC -> )
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @update.avgbrowser.com/AVG Browser;version=3 -> C:\Program Files (x86)\AVG\Browser\Update\1.8.1066.0\npAvgBrowserUpdate3.dll [2020-10-26] (AVG Technologies USA, LLC -> AVG Technologies)
FF Plugin-x32: @update.avgbrowser.com/AVG Browser;version=9 -> C:\Program Files (x86)\AVG\Browser\Update\1.8.1066.0\npAvgBrowserUpdate3.dll [2020-10-26] (AVG Technologies USA, LLC -> AVG Technologies)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2192775400-2880640462-1298197252-1000: tdameritrade.com/thinkorswim -> C:\Program Files\thinkorswim\npthinkorswim.dll [2021-01-02] (TD Ameritrade -> TD Ameritrade)
FF Plugin HKU\S-1-5-21-2192775400-2880640462-1298197252-1000: tdameritrade.com/tossc -> C:\Program Files\thinkorswim\nptossc.dll [2021-01-02] (TD Ameritrade -> TD Ameritrade)

Chrome:
=======
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2021-01-03]
CHR HomePage: Default -> hxxp://www.google.com
CHR Extension: (Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-24]
CHR Extension: (Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-24]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-24]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-16]
CHR Extension: (Adobe Acrobat) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-12-16]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2020-12-30]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-12-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-21]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-07]
CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-30]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [ggkfikfcbnpfoicfjammigpnakpogebh] - <no Path/update_url>

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Users\Owner\Documents\Anti Spyware\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-04-27] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
S2 Avg; C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [201984 2020-10-26] (AVG Technologies USA, LLC -> AVG Technologies)
S3 avgm; C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [201984 2020-10-26] (AVG Technologies USA, LLC -> AVG Technologies)
S3 AVGSecureBrowserElevationService; C:\Program Files (x86)\AVG\Browser\Application\86.1.6937.200\elevation_service.exe [1136952 2020-11-12] (AVG Technologies USA, LLC -> AVG Technologies)
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1508656 2018-05-31] (McAfee, Inc. -> McAfee, Inc.)
S2 GenieTimelineService; C:\Program Files\NETGEAR\ReadySHARE Vault\GenieTimelineService.exe [671744 2016-12-18] (Genie9) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2020-12-29] (Malwarebytes Inc -> Malwarebytes)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [958216 2020-12-17] (McAfee, LLC -> McAfee, LLC)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_20_6\McApExe.exe [768256 2020-09-11] (McAfee, LLC -> McAfee, LLC)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\3.8.106.0\\McCSPServiceHost.exe [2726312 2020-08-13] (McAfee, LLC -> McAfee, LLC)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [644200 2020-06-02] (McAfee, Inc. -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [644200 2020-06-02] (McAfee, Inc. -> McAfee, LLC)
R3 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [644200 2020-06-02] (McAfee, Inc. -> McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1745400 2020-08-14] (McAfee, LLC -> McAfee, LLC)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [4221040 2020-07-29] (McAfee, LLC -> McAfee, LLC)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer Networking Ltd. -> Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer Networking Ltd. -> Safer-Networking Ltd.)
R2 Surfshark Service; C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe [436688 2020-06-15] (Surfshark Ltd. -> Surfshark)
R2 Surfshark Shadowsocks Service; C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe [436688 2020-06-15] (Surfshark Ltd. -> Surfshark)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Windows -> Microsoft Corporation)
S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.233\WsAppService.exe [493792 2017-12-19] (Wondershare Technology Co.,Ltd -> Wondershare)
S3 WsDrvInst; C:\Program Files\Wondershare\Wondershare UniConverter\Transfer\DriverInstall.exe [112560 2020-12-23] (Wondershare Technology Co.,Ltd -> Wondershare)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [73728 2011-11-29] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [150440 2015-12-28] (SlySoft, Inc. -> SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [150440 2015-12-28] (SlySoft, Inc. -> SlySoft, Inc.)
R3 athr; C:\Windows\System32\DRIVERS\athrx.sys [2796544 2011-11-22] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2014-01-08] (AVG Technologies -> AVG Technologies)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [75704 2020-06-09] (McAfee, Inc. -> McAfee, LLC)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2020-12-29] (Malwarebytes Corporation -> Malwarebytes)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [218960 2020-05-25] (McAfee, LLC -> McAfee, Inc.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [220160 2020-12-29] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [197792 2020-12-29] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [77496 2020-12-29] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-12-29] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [127088 2020-12-29] (Malwarebytes Inc -> Malwarebytes)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [529848 2020-06-09] (McAfee, Inc. -> McAfee, LLC)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [382392 2020-06-09] (McAfee, Inc. -> McAfee, LLC)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [521656 2020-06-09] (McAfee, Inc. -> McAfee, LLC)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [1006008 2020-06-09] (McAfee, Inc. -> McAfee, LLC)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [595896 2020-06-07] (McAfee, Inc. -> McAfee LLC.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [107960 2020-06-07] (McAfee, Inc. -> McAfee LLC.)
R3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [116664 2020-06-09] (McAfee, Inc. -> McAfee, LLC)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [252344 2020-06-09] (McAfee, Inc. -> McAfee, LLC)
S3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [11264 2009-07-24] (Microsoft Windows Hardware Compatibility Publisher -> Primax Ltd)
S3 nusb3hub; C:\Windows\system32\drivers\nusb3hub.sys [80384 2010-09-30] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
S3 nusb3xhc; C:\Windows\system32\drivers\nusb3xhc.sys [180736 2010-09-30] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security S.L. -> Panda Security, S.L.)
R1 SASDIFSV; C:\Users\Owner\Documents\Anti Spyware\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Users\Owner\Documents\Anti Spyware\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SurfsharkSplitTunnelDriver; C:\Program Files (x86)\Surfshark\Resources\x64\SurfsharkSplitTunnelCalloutDriver.sys [39648 2020-06-15] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 tapsurfshark; C:\Windows\System32\DRIVERS\tapsurfshark.sys [36544 2020-06-15] (Surfshark Ltd. -> The OpenVPN Project)
R3 wintunshark; C:\Windows\System32\DRIVERS\wintunshark.sys [28936 2020-09-17] (Surfshark Ltd. -> Surfshark Ltd)
R3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [31080 2013-03-25] (Wondershare Software Co., Ltd.  -> Wondershare)
U2 TMAgent; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-04 09:10 - 2021-01-04 09:12 - 000031874 _____ C:\Users\Owner\Desktop\FRST.txt
2021-01-04 09:10 - 2021-01-04 09:11 - 000000000 ____D C:\FRST
2021-01-04 09:09 - 2021-01-04 09:09 - 002286592 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2021-01-03 20:24 - 2021-01-03 20:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2020-12-30 05:36 - 2020-12-30 05:36 - 000000977 _____ C:\Users\Owner\Desktop\Eusing Cleaner.lnk
2020-12-30 05:36 - 2020-12-30 05:36 - 000000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eusing Cleaner
2020-12-30 05:36 - 2020-12-30 05:36 - 000000000 ____D C:\Users\Owner\AppData\Roaming\Eusing
2020-12-30 05:36 - 2020-12-30 05:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eusing Cleaner
2020-12-30 05:36 - 2020-12-30 05:36 - 000000000 ____D C:\Program Files (x86)\Eusing Cleaner
2020-12-29 13:37 - 2020-12-29 13:37 - 000077496 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2020-12-29 13:36 - 2020-12-29 13:36 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-12-29 13:36 - 2020-12-29 13:36 - 000220160 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2020-12-29 13:36 - 2020-12-29 13:36 - 000197792 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2020-12-29 13:36 - 2020-12-29 13:36 - 000127088 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2020-12-29 13:36 - 2020-12-29 13:36 - 000001960 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-12-29 13:36 - 2020-12-29 13:36 - 000001948 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-12-29 13:36 - 2020-12-29 13:36 - 000001948 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-12-29 13:36 - 2020-12-29 13:36 - 000000000 ____D C:\Users\Owner\AppData\Local\mbam
2020-12-29 13:36 - 2020-12-29 13:35 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2020-12-28 08:08 - 2020-12-28 08:08 - 000001081 _____ C:\Users\Public\Desktop\Wondershare UniConverter.lnk
2020-12-28 08:08 - 2020-12-28 08:08 - 000001081 _____ C:\ProgramData\Desktop\Wondershare UniConverter.lnk
2020-12-24 13:11 - 2020-12-24 15:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2020-12-22 13:26 - 2020-12-22 13:26 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2020-12-22 13:17 - 2020-12-28 22:54 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2020-12-20 05:43 - 2020-12-20 05:43 - 000401024 _____ C:\Users\Owner\Desktop\WeeklyPaycheckStrategyGuide2019.pdf
2020-12-07 14:27 - 2020-12-28 22:56 - 000000000 ____D C:\ProgramData\McInstTemp0285051607372829

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-04 08:57 - 2009-07-13 22:45 - 000028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-01-04 08:57 - 2009-07-13 22:45 - 000028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-01-04 08:50 - 2014-01-01 17:04 - 000000000 ____D C:\ProgramData\Mozilla
2021-01-04 08:49 - 2016-11-17 17:55 - 000000000 ____D C:\Users\Owner\AppData\LocalLow\Mozilla
2021-01-03 22:56 - 2020-10-17 11:43 - 000000000 ____D C:\Program Files\CCleaner
2021-01-03 22:30 - 2014-01-03 15:25 - 000000000 ____D C:\Users\Owner\AppData\Roaming\uTorrent
2021-01-03 20:24 - 2019-03-27 12:18 - 000000000 ____D C:\Users\Owner\AppData\Local\BitTorrentHelper
2021-01-03 16:12 - 2018-02-04 14:49 - 000000000 ____D C:\Windows\system32\Tasks\McAfee
2021-01-02 19:10 - 2009-07-13 23:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2021-01-02 19:10 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\inf
2021-01-02 16:19 - 2020-06-28 15:53 - 000000000 ____D C:\Users\Owner\.thinkorswim
2021-01-02 16:19 - 2020-06-28 15:53 - 000000000 ____D C:\Program Files\thinkorswim
2020-12-29 13:36 - 2014-02-09 06:13 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-12-29 13:34 - 2017-10-23 17:37 - 000000000 ____D C:\Program Files\Malwarebytes
2020-12-29 13:33 - 2014-01-01 18:48 - 000000000 ____D C:\Users\Owner\Documents\Anti Spyware
2020-12-28 22:57 - 2015-08-22 09:35 - 000000000 __SHD C:\Users\Owner\IntelGraphicsProfiles
2020-12-28 22:56 - 2020-10-17 11:43 - 000003870 _____ C:\Windows\system32\Tasks\CCleaner Update
2020-12-28 22:55 - 2009-07-13 23:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-12-28 22:54 - 2014-01-01 17:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-12-28 22:51 - 2014-02-15 18:33 - 000000000 ____D C:\AdwCleaner
2020-12-28 08:08 - 2014-02-03 23:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2020-12-23 15:43 - 2016-08-04 11:21 - 000000000 ____D C:\Users\Owner\Documents\Chessmaster 9000
2020-12-14 22:15 - 2014-02-22 07:31 - 000000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
2020-12-11 20:43 - 2015-11-15 19:59 - 000002059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-12-08 19:15 - 2018-03-13 14:07 - 000004462 _____ C:\Windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
2020-12-08 19:15 - 2014-01-05 15:11 - 000004312 _____ C:\Windows\system32\Tasks\Adobe Flash Player Updater
2020-12-08 19:15 - 2014-01-02 09:39 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2020-12-08 19:15 - 2014-01-02 09:39 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2020-12-08 19:15 - 2014-01-02 09:39 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2020-12-08 19:15 - 2014-01-02 09:39 - 000000000 ____D C:\Windows\system32\Macromed
2020-12-06 17:10 - 2020-09-05 16:00 - 000000000 ____D C:\ProgramData\Surfshark
2020-12-06 17:10 - 2020-09-05 15:56 - 000000000 ____D C:\Program Files (x86)\Surfshark
2020-12-05 22:58 - 2020-09-05 15:49 - 000000000 ____D C:\Users\Owner\AppData\Roaming\Surfshark
2020-12-05 00:01 - 2014-02-12 14:15 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2

==================== Files in the root of some directories ========

2014-01-08 17:00 - 2014-02-05 22:46 - 000003744 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2014-01-05 15:01 - 2014-12-18 21:29 - 000000203 _____ () C:\Users\Owner\AppData\Roaming\default.rss
2015-11-15 17:20 - 2015-11-15 19:04 - 000000115 _____ () C:\Users\Owner\AppData\Roaming\LogFile.txt

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2021-01-03 18:52
==================== End of FRST.txt ========================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2020
Ran by Owner (04-01-2021 09:12:38)
Running from C:\Users\Owner\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2013-12-31 02:16:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2192775400-2880640462-1298197252-500 - Administrator - Disabled)
Guest (S-1-5-21-2192775400-2880640462-1298197252-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2192775400-2880640462-1298197252-1002 - Limited - Enabled)
Owner (S-1-5-21-2192775400-2880640462-1298197252-1000 - Administrator - Enabled) => C:\Users\Owner

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee VirusScan (Enabled - Up to date) {9D4501E6-72F6-2877-C789-89AF6F535B2C}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: McAfee VirusScan (Enabled - Up to date) {2624E002-54CC-27F9-FD39-B2DD14D41191}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: McAfee Firewall (Enabled) {A57E80C3-3899-292F-ECD6-209A91801C57}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2192775400-2880640462-1298197252-1000\...\uTorrent) (Version: 3.5.5.45852 - BitTorrent Inc.)
3D Home Architect Design Suite Deluxe 8 (HKLM-x32\...\{83EC8AE9-53A6-474D-95AF-8F5116CC9C4E}) (Version: 8.0 - Encore) Hidden
3D Home Architect Design Suite Deluxe 8 (HKLM-x32\...\InstallShield_{83EC8AE9-53A6-474D-95AF-8F5116CC9C4E}) (Version: 8.0 - Encore)
3D Home Architect Home Design Deluxe 6 (HKLM-x32\...\{D781A6EC-12AC-4993-BF13-B4CF12F1F20C}) (Version: 6.00.0000 - Broderbund) Hidden
3D Home Architect Home Design Deluxe 6 (HKLM-x32\...\InstallShield_{D781A6EC-12AC-4993-BF13-B4CF12F1F20C}) (Version: 6.00.0000 - Broderbund)
Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.013.20074 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.465 - Adobe)
Advertising Center (HKLM-x32\...\{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}) (Version: 0.0.0.1 - Nero AG) Hidden
Any Video Converter 5.5.5 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.6.8.0 - SlySoft)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AVG Driver Updater (HKLM-x32\...\{95294F1F-3F2F-48E6-A33B-B89632F8F1B7}) (Version: 2.2.2 - AVG Netherlands B.V) Hidden
AVG Secure Browser (HKLM-x32\...\AVG Secure Browser) (Version: 86.1.6937.200 - AVG Technologies)
CCleaner (HKLM\...\CCleaner) (Version: 5.75 - Piriform)
Chessmaster 9000 (HKLM-x32\...\Chessmaster 9000) (Version:  - )
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citrix Receiver 4.12 (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.12.0.18020 - Citrix Systems, Inc.)
Conexant SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.8.0 - Conexant)
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
Dell System Detect (HKU\S-1-5-21-2192775400-2880640462-1298197252-1000\...\9204f5692a8faf3b) (Version: 5.6.0.4 - Dell)
Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 9.0 - Dell)
DolbyFiles (HKLM-x32\...\{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}) (Version: 0.1 - Nero AG) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Eusing Cleaner (HKLM-x32\...\Eusing Cleaner) (Version:  - Eusing Freeware)
Fiddler (HKLM-x32\...\Fiddler2) (Version: 2.5.0.0 - Telerik)
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version:  - )
FLAC to MP3 Converter 6.1.9.0 (HKLM-x32\...\DD4F47DF-6540-4BDA-BEAD-2B19250B0C48_is1) (Version:  - Accmeware Corporation)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.64.5211 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.88 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden
honestech VHS to DVD 3.0 SE (HKLM-x32\...\{0C69661F-BAE9-466A-8878-CA78026412DF}) (Version: 3.0 - Honest Technology) Hidden
honestech VHS to DVD 3.0 SE (HKLM-x32\...\{2856F5EA-E98A-40E4-BAD6-8C644A4A3F3C}) (Version: 3.0 - honestech)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
ImagXpress (HKLM-x32\...\{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}) (Version: 7.0.74.0 - Nero AG) Hidden
iMyFone Fixppo 7.7.0.4 (HKLM-x32\...\{FD27E638-0609-44D4-B4E0-8F238FACC75C}_is1) (Version: 7.7.0.4 - Shenzhen iMyFone Technology Co., Ltd.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{F0932859-AA60-459E-B843-0BDECA34E2C7}) (Version: 2.0.0.0086 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
Juniper Citrix Services Client (HKU\S-1-5-21-2192775400-2880640462-1298197252-1000\...\Juniper_Citrix_Services) (Version: 7.4.0.33857 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-2192775400-2880640462-1298197252-1000\...\Juniper_Setup_Client) (Version: 7.4.13.52059 - Juniper Networks, Inc.)
K-Lite Codec Pack 7.0.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
McAfee Multi Access (HKLM-x32\...\MSC) (Version: 16.0 R28 - McAfee, LLC)
Menu Templates - Starter Kit (HKLM-x32\...\{B78120A0-CF84-4366-A393-4D0A59BC546C}) (Version: 9.4.2.0 - Nero AG) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Templates - Starter Kit (HKLM-x32\...\{E498385E-1C51-459A-B45F-1721E37AA1A0}) (Version: 9.4.2.0 - Nero AG) Hidden
Mozilla Firefox 84.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 84.0.1 (x64 en-US)) (Version: 84.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0 - Mozilla)
Mozilla Thunderbird 85.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 85.0 (x86 en-US)) (Version: 85.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM-x32\...\{2af62f37-8157-4b8e-b84b-a4eab6c1d27b}) (Version:  - Nero AG)
OGG to MP3 Converter (HKLM-x32\...\{4809DDAE-110C-4CF8-B383-706BB5B3D5B6}_is1) (Version:  - www.oggtomp3converter.com)
Online Plug-in (HKLM-x32\...\{2E9881CA-E41C-45E5-8055-61A4CC1BF93F}) (Version: 14.12.0.18020 - Citrix Systems, Inc.) Hidden
Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.1.10 - Panda Security)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
ReadySHARE Vault (HKLM-x32\...\ReadySHARE Vault) (Version: 7.0 - Genie9)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
REAPER (x64) (HKLM\...\REAPER) (Version:  - )
Registry Mechanic 8.0 (HKLM-x32\...\Registry Mechanic_is1) (Version: 8.0 - PC Tools)
Self-service Plug-in (HKLM-x32\...\{7A029AB7-8CC4-4FE8-904F-A090248C1BC7}) (Version: 4.12.0.18013 - Citrix Systems, Inc.) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
Surfshark (HKLM-x32\...\{5795EF4B-5D61-4FEC-9CAB-39A0849C7238}) (Version: 2.7.7999 - Surfshark) Hidden
Surfshark (HKLM-x32\...\Surfshark 2.7.7999) (Version: 2.7.7999 - Surfshark)
Surfshark TAP Driver Windows (HKLM-x32\...\{FDCDF826-A508-41B3-93B0-C3EC5F3251E7}) (Version: 1.0 - Surfshark)
Surfshark TUN Driver Windows (HKLM\...\{0446BBB9-5BF7-4EE8-813C-2A630808D5A1}) (Version: 1.0 - Surfshark)
System Ninja version 2.4.4 (HKLM-x32\...\{6E67710E-206D-43AB-BF21-E7CD63056C55}_is1) (Version: 2.4.4 - SingularLabs)
thinkorswim (HKLM\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc)
ubi.com (HKLM-x32\...\{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
UPS Thermal Printing (HKLM-x32\...\{5468B610-354E-4ED3-B274-535F8F0AE2C0}) (Version: 2.0.0.0 - United Parcel Service)
Video Poker for Winners (HKLM-x32\...\{5B73AF17-C52E-452D-B37F-C7B69E567DB8}) (Version: 1.11.0000 - Action Gaming, Inc)
Video Poker for Winners (HKU\S-1-5-21-2192775400-2880640462-1298197252-1000\...\Video Poker for Winners) (Version:  - )
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.4 - VideoLAN)
WebAdvisor by McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.177 - McAfee, LLC)
Windows Driver Package - Surfshark Ltd (wintunshark) Net  (08/10/2020 0.8.0.0) (HKLM\...\C3138B3DBCE6F9FCB8C067FECE833A62860FFB4C) (Version: 08/10/2020 0.8.0.0 - Surfshark Ltd)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wise Disk Cleaner 10.31 (HKLM-x32\...\Wise Disk Cleaner_is1) (Version: 10.31 - WiseCleaner.com, Inc.)
Wondershare Helper Compact 2.5.3 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.3 - Wondershare)
Wondershare UniConverter(Build 12.5.1.8) (HKLM\...\UniConverter_is1) (Version: 12.5.1.8 - Wondershare Software)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2192775400-2880640462-1298197252-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [0GenieTimeLine-BackedUp] -> {88A8B1ED-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers: [0GenieTimeLine-Excluded] -> {B77E8651-93B1-40CD-8ECF-6F33DAC805A0} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers: [0GenieTimeLine-Folder] -> {CEAF16CE-C11C-4081-BE29-DDE7F45A59DB} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers: [0GenieTimeLine-NotBackedUp] -> {88A8B1EE-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers: [0GenieTimeLine-Pending ] -> {88A8B1EF-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-BackedUp] -> {88A8B1ED-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-Excluded] -> {B77E8651-93B1-40CD-8ECF-6F33DAC805A0} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-Folder] -> {CEAF16CE-C11C-4081-BE29-DDE7F45A59DB} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-NotBackedUp] -> {88A8B1EE-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-Pending ] -> {88A8B1EF-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ContextMenuHandlers1-x32: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files (x86)\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll [2009-06-05] (Nero AG -> Nero AG)
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2015-03-11] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers1-x32: [FileOpreation] -> {64686A76-F095-4872-A41C-1B682E751D88} => C:\Windows\SysWow64\WS_ContextMenu.dll [2010-10-28] () [File not signed]
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2020-08-21] (McAfee, LLC -> McAfee, LLC)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2013-05-16] (Safer-Networking Ltd.) [File not signed]
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2013-05-16] (Safer-Networking Ltd.) [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1: [WondershareVideoConverterFileOpreation] -> {FEB746CA-95C2-485F-B386-C30D4E56D22E} => C:\Windows\SysWOW64\WSCM64.dll [2015-02-27] () [File not signed]
ContextMenuHandlers2: [Genie-Soft Timeline Backup Context Menu Extension] -> {D821600B-0B5D-4D7E-B1CC-034C652E8288} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineContextMenu.gtl [2016-12-18] (Genie9) [File not signed]
ContextMenuHandlers3: [Genie-Soft Timeline Backup Context Menu Extension] -> {D821600B-0B5D-4D7E-B1CC-034C652E8288} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineContextMenu.gtl [2016-12-18] (Genie9) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-12-29] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-08-27] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2015-03-11] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-12-29] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2020-08-21] (McAfee, LLC -> McAfee, LLC)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2013-05-16] (Safer-Networking Ltd.) [File not signed]
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2013-05-16] (Safer-Networking Ltd.) [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-12-01] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
ShortcutWithArgument: C:\Users\Owner\Desktop\Backup\Users\Owner\Desktop\Geek Squad Backup\Users\Derrell\Flash Drive Back Up 2-12-2013\Removable Disk\Junk\Remote Workstation.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://ctxmf.valero.com

==================== Loaded Modules (Whitelisted) =============

2014-01-01 16:31 - 2011-11-29 20:00 - 000059392 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2020-10-12 11:54 - 2020-10-12 11:54 - 000324096 _____ () [File not signed] C:\Program Files (x86)\Surfshark\Resources\x64\Surfshark.Firewall.dll
2020-11-20 01:06 - 2020-11-20 01:06 - 004035072 _____ () [File not signed] C:\Program Files (x86)\Surfshark\Resources\x64\SurfsharkWg.dll
2018-12-18 15:09 - 2016-12-18 06:38 - 000741376 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSBackupManager.gtl
2016-12-13 04:19 - 2016-12-13 04:19 - 000093696 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSCurl.dll
2016-12-13 04:19 - 2016-12-13 04:19 - 000089600 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSEncryption.dll
2018-12-18 15:09 - 2016-12-13 04:19 - 000089600 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSEncryption.gtl
2016-12-18 06:38 - 2016-12-18 06:38 - 000491520 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSIndexDB.dll
2018-12-18 15:09 - 2016-12-18 06:38 - 000491520 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSIndexDB.gtl
2016-12-13 04:19 - 2016-12-13 04:19 - 000058368 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSLibrariesManager.dll
2018-12-18 15:09 - 2016-12-13 04:19 - 000058368 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSLibrariesManager.gtl
2016-12-13 04:18 - 2016-12-13 04:18 - 000045568 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSLogging.dll
2018-12-18 15:09 - 2016-12-13 04:18 - 000045568 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSLogging.gtl
2018-12-18 15:09 - 2016-12-18 06:38 - 000054784 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSLogManager.gtl
2018-12-18 15:09 - 2016-12-18 06:38 - 000163328 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl
2018-12-18 15:09 - 2016-12-18 06:38 - 000371200 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSWatcher4.gtl
2016-12-18 06:38 - 2016-12-18 06:38 - 000332800 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\OnlineHandler.dll
2018-12-18 15:09 - 2016-12-18 06:38 - 000332800 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\OnlineHandler.gtl
2013-02-03 03:21 - 2013-02-03 03:21 - 000045056 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\pcre.dll
2013-02-03 03:21 - 2013-02-03 03:21 - 000097792 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\pcrebase.dll
2016-12-18 06:38 - 2016-12-18 06:38 - 000087552 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\QueueManager.dll
2018-12-18 15:09 - 2016-12-18 06:38 - 000087552 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\QueueManager.gtl
2013-02-03 05:40 - 2013-02-03 05:40 - 000011264 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\RWLock.dll
2018-12-18 15:09 - 2013-02-03 05:40 - 000011264 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\RWLock.gtl
2016-12-18 06:38 - 2016-12-18 06:38 - 000211968 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\Settings.dll
2018-12-18 15:09 - 2016-12-18 06:38 - 000211968 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\Settings.gtl
2012-02-02 03:16 - 2012-02-02 03:16 - 000740864 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\sqlite3.dll
2018-12-18 15:09 - 2012-02-02 03:16 - 000740864 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\sqlite3.gtl
2018-12-18 15:09 - 2013-02-03 05:40 - 000010752 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\VSSEngine_Proxy.gtl
2016-12-18 06:38 - 2016-12-18 06:38 - 000063488 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\XBalloonMsgDll.dll
2018-02-07 19:54 - 2018-02-07 19:54 - 000172032 _____ () [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\6673ce6dac4d89de35948e2f0390d97b\IsdiInterop.ni.dll
2017-06-02 11:13 - 2015-02-27 13:38 - 000721263 _____ () [File not signed] C:\Windows\SysWOW64\WSCM64.dll
2015-05-26 03:42 - 2015-05-26 03:42 - 000491520 _____ (Artpol Software) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSZipEng.dll
2018-12-18 15:09 - 2015-05-26 03:42 - 000491520 _____ (Artpol Software) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSZipEng.gtl
2014-01-01 16:23 - 2011-11-29 09:51 - 000439808 _____ (Atheros) [File not signed] C:\Windows\system32\athihvs.dll
2014-01-01 16:14 - 2012-01-09 17:40 - 000364544 _____ (Conexant Systems, Inc.) [File not signed] [File is in use] C:\Program Files\Conexant\SA3\Languages\en-US\SmartAudio.resources.dll
2018-12-18 15:09 - 2016-12-18 06:38 - 000094720 _____ (Genie9) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSCopy.gtl
2016-12-18 06:38 - 2016-12-18 06:38 - 000174592 _____ (Genie9) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSOnlineProtocol.dll
2018-12-18 15:09 - 2016-12-18 06:38 - 000098816 _____ (Genie9) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineContextMenu.gtl
2018-12-18 15:09 - 2016-12-18 06:38 - 000637952 _____ (Genie9) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineNSE.gtl
2018-12-18 15:09 - 2016-12-13 06:44 - 001504256 _____ (Genie9) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineShellRes.gtl
2016-12-18 06:38 - 2016-12-18 06:38 - 000090624 _____ (Genie9) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSUpdater.dll
2016-12-13 04:19 - 2016-12-13 04:19 - 000648704 _____ (Genie-Soft) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GenieAFX.dll
2016-12-13 04:18 - 2016-12-13 04:18 - 000029184 _____ (Genie-soft) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSEnManager.dll
2016-12-13 04:18 - 2016-12-13 04:18 - 000113152 _____ (Genie-soft) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSGlobalMFC.dll
2016-12-13 04:19 - 2016-12-13 04:19 - 000036352 _____ (Genie-soft) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSSEMGR.dll
2016-12-13 04:19 - 2016-12-13 04:19 - 000152064 _____ (Genie-Soft) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSSMTP.dll
2018-01-18 12:12 - 2018-01-18 12:12 - 000014336 _____ (Intel Corp.) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\439f4df27ed07e50e3dac6eacce3a0f8\IAStorCommon.ni.dll
2014-01-01 16:31 - 2011-11-29 20:00 - 000175616 _____ (Intel Corporation) [File not signed] [File is in use] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorUIHelper.dll
2014-01-01 16:31 - 2011-11-29 20:00 - 001319424 _____ (Intel Corporation) [File not signed] [File is in use] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IntelVisualDesign.dll
2014-01-01 16:31 - 2011-11-29 19:41 - 000278016 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\ISDI.dll
2014-01-01 16:20 - 2012-02-17 01:31 - 000073728 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.dll
2018-02-07 19:54 - 2018-02-07 19:54 - 000225280 _____ (Intel Corporation) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgr\a90db6c138e5a8e0c550be7c61e5d6b6\IAStorDataMgr.ni.dll
2018-03-14 20:42 - 2018-03-14 20:42 - 000487424 _____ (Intel Corporation) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\4acddac9fd2b5660cc05ad1e6f67e796\IAStorUtil.ni.dll
2015-11-05 17:29 - 2015-11-05 17:29 - 000125952 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\Microsoft.Net\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
2014-05-21 22:16 - 2014-05-21 22:16 - 000225280 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcm90.dll
2014-02-12 14:15 - 2013-05-16 10:55 - 000467456 _____ (Safer-Networking Ltd.) [File not signed] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll
2012-02-02 03:16 - 2012-02-02 03:16 - 003501056 _____ (Terra Informatica Software, Inc., British Columbia, Canada.) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\htmlayout.dll
2012-02-02 03:16 - 2012-02-02 03:16 - 000222720 _____ (The cURL library, hxxp://curl.haxx.se/) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\libcurl.dll
2012-02-02 03:16 - 2012-02-02 03:16 - 001558016 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\LIBEAY32.dll
2018-12-18 15:09 - 2012-02-02 03:16 - 001558016 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\libeay32.gtl
2012-02-02 03:16 - 2012-02-02 03:16 - 000301568 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\SSLEAY32.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1 [167]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 11) (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2192775400-2880640462-1298197252-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2192775400-2880640462-1298197252-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2192775400-2880640462-1298197252-1000 -> {5C25E8A3-2225-4A57-9311-5CA0A679F82A} URL =
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2020-12-17] (McAfee, LLC -> McAfee, LLC)
BHO-x32: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16] (Adobe Systems, Incorporated -> )
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2020-12-17] (McAfee, LLC -> McAfee, LLC)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll [2020-08-21] (McAfee, LLC -> McAfee, LLC)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2020-08-21] (McAfee, LLC -> McAfee, LLC)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2192775400-2880640462-1298197252-1000\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-2192775400-2880640462-1298197252-1000\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2019-01-18 08:38 - 000000743 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1    localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\1.5\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\1.5\bin\x64;C:\Program Files (x86)\QuickTime\QTSystem\
HKU\S-1-5-21-2192775400-2880640462-1298197252-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F0B42C8B-18E4-4453-B7F4-AF07039DDA72}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{6D287328-FB9C-489C-BE20-DCB66556B486}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{CC0C7C3A-E243-4D6A-9FB8-60A9361AC21C}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{380C03FA-DA4F-49B9-BCBB-4CA3F25E2311}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{6AD5B1E4-7525-4294-9428-6FEAF9223E98}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{4B43463E-6840-45A1-A76A-B877DB41F515}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{CD115A5D-3C73-473D-ADFD-68B7A1CA8CA4}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{D628E81A-408A-4A04-B129-BC5CD964B452}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{B72B88C9-C96C-404E-B39C-86B53DB1AA44}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{7AACFB67-81C2-42ED-A05A-1F7CC96BFDEB}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{3060B2D1-9B37-40A4-966F-442F0D7BD6F5}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8F1A5A4E-558D-428D-89DA-05C6FE5B7E12}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{1E962DE6-1EB5-4D53-B5BD-E44A50F795D1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{63CDA6EB-C3DF-461A-94E4-5E5933482F67}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{F9EED568-720A-4DF8-8A15-8C6710DF39D7}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{BCE88674-3735-4121-A1B1-8F47C9D8317C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{AAEC3056-0F88-4A1F-AA0F-0E744E16E0B1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{1C4684DB-B963-4CC2-B043-CCB8F4ED764F}C:\program files (x86)\wondershare\vcu\urlreqservice.exe] => (Allow) C:\program files (x86)\wondershare\vcu\urlreqservice.exe => No File
FirewallRules: [UDP Query User{0EC9AC9C-5987-4987-8707-44B649587DC2}C:\program files (x86)\wondershare\vcu\urlreqservice.exe] => (Allow) C:\program files (x86)\wondershare\vcu\urlreqservice.exe => No File
FirewallRules: [TCP Query User{561AD7C6-BCC6-4F64-AA9B-0FE7AC2C643C}C:\users\owner\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\owner\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe => No File
FirewallRules: [UDP Query User{3EC44355-D004-4969-B468-59010EA3F679}C:\users\owner\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\owner\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe => No File
FirewallRules: [{E419970E-0773-42BC-BB42-6CC2DFEA84B3}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{284094B8-4491-44B4-85F0-15C20CB9D78A}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{16223476-6DCE-4512-B5E7-99C11567A815}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [TCP Query User{55F91AA5-706E-4125-885D-B110A37FCE87}C:\program files (x86)\common files\oracle\java\javapath_target_2146985553\java.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_2146985553\java.exe => No File
FirewallRules: [UDP Query User{15705161-3644-493C-ACA6-02132ED49003}C:\program files (x86)\common files\oracle\java\javapath_target_2146985553\java.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_2146985553\java.exe => No File
FirewallRules: [{D97DF715-A02F-4C93-A6FC-2A29FB1348D2}] => (Block) C:\program files (x86)\common files\oracle\java\javapath_target_2146985553\java.exe => No File
FirewallRules: [{D3E33636-8100-4B24-9673-CD018C64D132}] => (Block) C:\program files (x86)\common files\oracle\java\javapath_target_2146985553\java.exe => No File
FirewallRules: [{68D79EEE-D520-42EC-967C-61293B5AF019}] => (Allow) C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe (AVG Technologies USA, LLC -> AVG Technologies)
FirewallRules: [{66078EE9-0D2B-4F6C-BC98-8CE5103A86DD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot-S&D 2 Tray Icon
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

24-12-2020 16:01:00 Scheduled Checkpoint
03-01-2021 18:59:29 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (01/04/2021 08:56:00 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: AVG Update Helper -- Error 1316. The specified account already exists.

Error: (01/04/2021 12:03:29 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: AVG Update Helper -- Error 1316. The specified account already exists.

Error: (01/03/2021 10:45:05 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: AVG Update Helper -- Error 1316. The specified account already exists.

Error: (01/03/2021 09:45:05 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: AVG Update Helper -- Error 1316. The specified account already exists.

Error: (01/03/2021 08:45:05 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: AVG Update Helper -- Error 1316. The specified account already exists.

Error: (01/03/2021 07:45:05 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: AVG Update Helper -- Error 1316. The specified account already exists.

Error: (01/03/2021 06:45:05 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: AVG Update Helper -- Error 1316. The specified account already exists.

Error: (01/03/2021 06:16:11 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: AVG Update Helper -- Error 1316. The specified account already exists.


System errors:
=============
Error: (12/29/2020 10:02:32 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Genie Timeline Service service terminated unexpectedly.  It has done this 3 time(s).

Error: (12/29/2020 08:04:44 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Genie Timeline Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (12/29/2020 06:55:34 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Genie Timeline Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (12/28/2020 11:43:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Genie Timeline Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (12/28/2020 10:56:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Wondershare Application Framework Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (12/28/2020 10:56:41 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Wondershare Application Framework Service service to connect.

Error: (12/28/2020 10:55:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (12/28/2020 10:55:38 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.


CodeIntegrity:
===================================

Date: 2016-06-07 05:46:43.686
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-06-07 05:46:43.655
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-06-07 05:46:43.514
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-06-07 05:46:43.452
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-05-26 22:03:05.263
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-05-26 22:03:05.231
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-05-26 22:03:05.185
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

Date: 2016-05-26 22:03:05.153
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

BIOS: Dell Inc. A05 07/26/2012
Motherboard: Dell Inc. 0XR1GT
Processor: Intel® Core™ i5-3450 CPU @ 3.10GHz
Percentage of memory in use: 58%
Total physical RAM: 8066.04 MB
Available physical RAM: 3308.77 MB
Total Virtual: 16130.23 MB
Available Virtual: 10153.24 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1862.92 GB) (Free:846.31 GB) NTFS

\\?\Volume{24670f43-71b5-11e3-bcac-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 236FA298)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================
 


  • 0

#4
RKinner

    Malware Expert

  • Expert
  • 24,623 posts
  • MVP

Just go down to the bottom and start typing where it says "Reply to this topic."  If you click on the Reply button it copies the last post into the reply, which clutters up things.

I see a proxy in your logs:

ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => 127.0.0.1:1080

Might be part of Surfshark, but I don't see the proxy in other FRST logs where Surfshark is in use, so let's try removing it:

Download the attached fixlist.txt to the same location as FRST.

Attached File  fixlist.txt   7.8KB   351 downloads

Run FRST and press Fix.
A fix log will be generated; please post that.

Reboot if the fix doesn't reboot it for you.

Run FRST again, but this time make sure Addition.txt is checked and hit Scan.  Post both logs.
 

  • 0
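A triage helper for the proxy finding in the post above, added here as an example and not part of the original thread or of FRST: it parses `ProxyEnable`/`ProxyServer` lines in the format quoted in the post, flags endpoints that point at the local machine, and checks a fix log for the matching "removed successfully" lines. The second hive in the sample, its per-protocol `ProxyServer` value, and all function names are constructed for illustration.

```python
import ipaddress
import re
from typing import NamedTuple, Optional

# Constructed placeholder for a per-user hive (assumption: FRST labels user
# hives by SID in the same bracketed position as ".DEFAULT").
CONSTRUCTED_HIVE = "S-1-5-21-0000000000-0000000000-0000000000-1001"

# First two lines are the ones quoted in the thread; the third is constructed.
SAMPLE_FRST = f"""\
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => 127.0.0.1:1080
ProxyServer: [{CONSTRUCTED_HIVE}] => http=proxy.example.invalid:8080;https=127.0.0.1:8888
"""

# Fix-log lines in the format FRST wrote in this thread.
SAMPLE_FIXLOG = r'''
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable" => removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer" => removed successfully
'''

SCAN_RE = re.compile(r"^(ProxyEnable|ProxyServer): \[([^\]]+)\] => (.+?)\s*$", re.M)
FIX_RE = re.compile(
    r'^"?HKU\\([^\\]+)\\.*Internet Settings\\+(ProxyEnable|ProxyServer)"? => (.+?)\s*$',
    re.M,
)


class Finding(NamedTuple):
    hive: str
    enabled: bool          # a "Proxy is enabled" line exists for this hive
    scheme: str            # "all" when the value is a bare host:port
    host: str
    port: Optional[int]
    loopback: bool         # endpoint is on the local machine


def is_loopback(host: str) -> bool:
    """True for 127.0.0.0/8, ::1 and the name 'localhost'."""
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def split_endpoints(value: str):
    """Yield (scheme, host, port) from a WinINET ProxyServer value.

    Handles both 'host:port' and 'http=host:port;https=host:port'.
    """
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, sep, addr = part.partition("=")
        if not sep:
            scheme, addr = "all", part
        addr = addr.split("://", 1)[-1]
        host, sep, port = addr.rpartition(":")
        if not sep or not port.isdigit():
            host, port = addr, None
        yield scheme.lower(), host, int(port) if port else None


def triage(scan_text: str) -> list:
    """Return one Finding per proxy endpoint listed in an FRST scan log."""
    enabled, servers = set(), {}
    for name, hive, value in SCAN_RE.findall(scan_text):
        if name == "ProxyEnable":
            if "is enabled" in value.lower():
                enabled.add(hive)
        else:
            servers[hive] = value
    return [
        Finding(hive, hive in enabled, scheme, host, port, is_loopback(host))
        for hive, value in servers.items()
        for scheme, host, port in split_endpoints(value)
    ]


def removed_values(fix_text: str, hive: str) -> set:
    """Proxy value names the fix log reports as removed for the given hive."""
    return {
        name
        for h, name, result in FIX_RE.findall(fix_text)
        if h == hive and result == "removed successfully"
    }


def unresolved(scan_text: str, fix_text: str) -> list:
    """Loopback proxy endpoints whose ProxyServer value the fix did not remove."""
    return [
        f for f in triage(scan_text)
        if f.loopback and "ProxyServer" not in removed_values(fix_text, f.hive)
    ]


if __name__ == "__main__":
    for f in triage(SAMPLE_FRST):
        print(f)
    print("still set after fix:", unresolved(SAMPLE_FRST, SAMPLE_FIXLOG))
```

A loopback endpoint only works while some local process is listening on that port, so the next check on the machine itself is which process, if any, owns the port.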

#5
smittyd

smittyd

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 148 posts

 


Fix result of Farbar Recovery Scan Tool (x64) Version: 14-12-2020
Ran by Owner (04-01-2021 11:57:04) Run:1
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner
Boot Mode: Normal
==============================================

fixlist content:
*****************
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => 127.0.0.1:1080
Task: {1CB800FF-C5CA-4410-AC31-5CDF123022AD} - System32\Tasks\AVGUpdateTaskMachineCore => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [201984 2020-10-26] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {BB6C6411-A7E0-43CF-8622-02D62F2E9833} - System32\Tasks\AVGUpdateTaskMachineUA => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [201984 2020-10-26] (AVG Technologies USA, LLC -> AVG Technologies)
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\06wnhiu5.default-1504139140416\searchplugins\bing-lavasoft-ff59.xml [2018-05-27]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSKHKLM => not found
FF Plugin-x32: @update.avgbrowser.com/AVG Browser;version=3 -> C:\Program Files (x86)\AVG\Browser\Update\1.8.1066.0\npAvgBrowserUpdate3.dll [2020-10-26] (AVG Technologies USA, LLC -> AVG Technologies)
FF Plugin-x32: @update.avgbrowser.com/AVG Browser;version=9 -> C:\Program Files (x86)\AVG\Browser\Update\1.8.1066.0\npAvgBrowserUpdate3.dll [2020-10-26] (AVG Technologies USA, LLC -> AVG Technologies)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.8\\npsitesafety.dll [No File]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer Networking Ltd. -> Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer Networking Ltd. -> Safer-Networking Ltd.)
U2 TMAgent; no ImagePath
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
FirewallRules: [TCP Query User{1C4684DB-B963-4CC2-B043-CCB8F4ED764F}C:\program files (x86)\wondershare\vcu\urlreqservice.exe] => (Allow) C:\program files (x86)\wondershare\vcu\urlreqservice.exe => No File
FirewallRules: [UDP Query User{0EC9AC9C-5987-4987-8707-44B649587DC2}C:\program files (x86)\wondershare\vcu\urlreqservice.exe] => (Allow) C:\program files (x86)\wondershare\vcu\urlreqservice.exe => No File
FirewallRules: [TCP Query User{561AD7C6-BCC6-4F64-AA9B-0FE7AC2C643C}C:\users\owner\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\owner\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe => No File
FirewallRules: [UDP Query User{3EC44355-D004-4969-B468-59010EA3F679}C:\users\owner\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\owner\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe => No File
FirewallRules: [TCP Query User{55F91AA5-706E-4125-885D-B110A37FCE87}C:\program files (x86)\common files\oracle\java\javapath_target_2146985553\java.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_2146985553\java.exe => No File
FirewallRules: [UDP Query User{15705161-3644-493C-ACA6-02132ED49003}C:\program files (x86)\common files\oracle\java\javapath_target_2146985553\java.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_2146985553\java.exe => No File
FirewallRules: [{D97DF715-A02F-4C93-A6FC-2A29FB1348D2}] => (Block) C:\program files (x86)\common files\oracle\java\javapath_target_2146985553\java.exe => No File
FirewallRules: [{D3E33636-8100-4B24-9673-CD018C64D132}] => (Block) C:\program files (x86)\common files\oracle\java\javapath_target_2146985553\java.exe => No File
CMD: SFC /scannow
CMD: findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot:


*****************

"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable" => removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1CB800FF-C5CA-4410-AC31-5CDF123022AD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1CB800FF-C5CA-4410-AC31-5CDF123022AD}" => removed successfully
C:\Windows\System32\Tasks\AVGUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVGUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BB6C6411-A7E0-43CF-8622-02D62F2E9833}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB6C6411-A7E0-43CF-8622-02D62F2E9833}" => removed successfully
C:\Windows\System32\Tasks\AVGUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVGUpdateTaskMachineUA" => removed successfully
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\06wnhiu5.default-1504139140416\searchplugins\bing-lavasoft-ff59.xml => moved successfully
"HKLM\Software\Mozilla\Thunderbird\Extensions\\[email protected]" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@update.avgbrowser.com/AVG Browser;version=3 -> C:\Program Files (x86)\AVG\Browser\Update\1.8.1066.0\npAvgBrowserUpdate3.dll [2020-10-26] (AVG Technologies USA, LLC" => not found
C:\Program Files (x86)\AVG\Browser\Update\1.8.1066.0\npAvgBrowserUpdate3.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@update.avgbrowser.com/AVG Browser;version=9 -> C:\Program Files (x86)\AVG\Browser\Update\1.8.1066.0\npAvgBrowserUpdate3.dll [2020-10-26] (AVG Technologies USA, LLC" => not found
"C:\Program Files (x86)\AVG\Browser\Update\1.8.1066.0\npAvgBrowserUpdate3.dll" => not found
HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin => removed successfully
SDScannerService => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\SDScannerService => removed successfully
SDScannerService => service removed successfully
SDUpdateService => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\SDUpdateService => removed successfully
SDUpdateService => service removed successfully
SDWSCService => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\SDWSCService => removed successfully
SDWSCService => service removed successfully
HKLM\System\CurrentControlSet\Services\TMAgent => removed successfully
TMAgent => service removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{1C4684DB-B963-4CC2-B043-CCB8F4ED764F}C:\program files (x86)\wondershare\vcu\urlreqservice.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{0EC9AC9C-5987-4987-8707-44B649587DC2}C:\program files (x86)\wondershare\vcu\urlreqservice.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{561AD7C6-BCC6-4F64-AA9B-0FE7AC2C643C}C:\users\owner\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{3EC44355-D004-4969-B468-59010EA3F679}C:\users\owner\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{55F91AA5-706E-4125-885D-B110A37FCE87}C:\program files (x86)\common files\oracle\java\javapath_target_2146985553\java.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{15705161-3644-493C-ACA6-02132ED49003}C:\program files (x86)\common files\oracle\java\javapath_target_2146985553\java.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D97DF715-A02F-4C93-A6FC-2A29FB1348D2}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D3E33636-8100-4B24-9673-CD018C64D132}" => removed successfully

========= SFC /scannow =========



Beginning system scan.  This process will take some time.



Beginning verification phase of system scan.



Windows Resource Protection did not find any integrity violations.


========= End of CMD: =========


========= findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log =========

2021-01-04 12:06:22, Info                  CSI    00000194 [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:06:22, Info                  CSI    00000195 [SR] Beginning Verify and Repair transaction
2021-01-04 12:06:27, Info                  CSI    00000197 [SR] Verify complete
2021-01-04 12:06:27, Info                  CSI    00000198 [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:06:27, Info                  CSI    00000199 [SR] Beginning Verify and Repair transaction
2021-01-04 12:06:33, Info                  CSI    0000019b [SR] Verify complete
2021-01-04 12:06:34, Info                  CSI    0000019c [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:06:34, Info                  CSI    0000019d [SR] Beginning Verify and Repair transaction
2021-01-04 12:06:40, Info                  CSI    000001a0 [SR] Verify complete
2021-01-04 12:06:40, Info                  CSI    000001a1 [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:06:40, Info                  CSI    000001a2 [SR] Beginning Verify and Repair transaction
2021-01-04 12:06:48, Info                  CSI    000001a4 [SR] Verify complete
2021-01-04 12:06:49, Info                  CSI    000001a5 [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:06:49, Info                  CSI    000001a6 [SR] Beginning Verify and Repair transaction
2021-01-04 12:06:52, Info                  CSI    000001a8 [SR] Verify complete
2021-01-04 12:06:52, Info                  CSI    000001a9 [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:06:52, Info                  CSI    000001aa [SR] Beginning Verify and Repair transaction
2021-01-04 12:06:57, Info                  CSI    000001ad [SR] Verify complete
2021-01-04 12:06:57, Info                  CSI    000001ae [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:06:57, Info                  CSI    000001af [SR] Beginning Verify and Repair transaction
2021-01-04 12:07:03, Info                  CSI    000001b1 [SR] Verify complete
2021-01-04 12:07:03, Info                  CSI    000001b2 [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:07:03, Info                  CSI    000001b3 [SR] Beginning Verify and Repair transaction
2021-01-04 12:07:09, Info                  CSI    000001b7 [SR] Verify complete
2021-01-04 12:07:09, Info                  CSI    000001b8 [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:07:09, Info                  CSI    000001b9 [SR] Beginning Verify and Repair transaction
2021-01-04 12:07:16, Info                  CSI    000001bb [SR] Verify complete
2021-01-04 12:07:16, Info                  CSI    000001bc [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:07:16, Info                  CSI    000001bd [SR] Beginning Verify and Repair transaction
2021-01-04 12:07:35, Info                  CSI    000001c0 [SR] Verify complete
2021-01-04 12:07:36, Info                  CSI    000001c1 [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:07:36, Info                  CSI    000001c2 [SR] Beginning Verify and Repair transaction
2021-01-04 12:18:51, Info                  CSI    000001c4 [SR] Verify complete
2021-01-04 12:18:52, Info                  CSI    000001c5 [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:18:52, Info                  CSI    000001c6 [SR] Beginning Verify and Repair transaction
2021-01-04 12:18:58, Info                  CSI    000001c8 [SR] Verify complete
2021-01-04 12:18:59, Info                  CSI    000001c9 [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:18:59, Info                  CSI    000001ca [SR] Beginning Verify and Repair transaction
2021-01-04 12:19:08, Info                  CSI    000001cc [SR] Verify complete
2021-01-04 12:19:09, Info                  CSI    000001cd [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:19:09, Info                  CSI    000001ce [SR] Beginning Verify and Repair transaction
2021-01-04 12:19:26, Info                  CSI    000001d0 [SR] Verify complete
2021-01-04 12:19:28, Info                  CSI    000001d1 [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:19:28, Info                  CSI    000001d2 [SR] Beginning Verify and Repair transaction
2021-01-04 12:19:47, Info                  CSI    000001d4 [SR] Verify complete
2021-01-04 12:19:48, Info                  CSI    000001d5 [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:19:48, Info                  CSI    000001d6 [SR] Beginning Verify and Repair transaction
2021-01-04 12:19:59, Info                  CSI    000001d8 [SR] Verify complete
2021-01-04 12:19:59, Info                  CSI    000001d9 [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:19:59, Info                  CSI    000001da [SR] Beginning Verify and Repair transaction
2021-01-04 12:20:06, Info                  CSI    000001dc [SR] Verify complete
2021-01-04 12:20:07, Info                  CSI    000001dd [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:20:07, Info                  CSI    000001de [SR] Beginning Verify and Repair transaction
2021-01-04 12:20:26, Info                  CSI    000001e0 [SR] Verify complete
2021-01-04 12:20:27, Info                  CSI    000001e1 [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:20:27, Info                  CSI    000001e2 [SR] Beginning Verify and Repair transaction
2021-01-04 12:20:43, Info                  CSI    000001e4 [SR] Verify complete
2021-01-04 12:20:44, Info                  CSI    000001e5 [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:20:44, Info                  CSI    000001e6 [SR] Beginning Verify and Repair transaction
2021-01-04 12:20:51, Info                  CSI    000001e8 [SR] Verify complete
2021-01-04 12:20:51, Info                  CSI    000001e9 [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:20:51, Info                  CSI    000001ea [SR] Beginning Verify and Repair transaction
2021-01-04 12:20:55, Info                  CSI    000001ec [SR] Verify complete
2021-01-04 12:20:56, Info                  CSI    000001ed [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:20:56, Info                  CSI    000001ee [SR] Beginning Verify and Repair transaction
2021-01-04 12:20:58, Info                  CSI    000001f0 [SR] Verify complete
2021-01-04 12:20:59, Info                  CSI    000001f1 [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:20:59, Info                  CSI    000001f2 [SR] Beginning Verify and Repair transaction
2021-01-04 12:21:02, Info                  CSI    000001f4 [SR] Verify complete
2021-01-04 12:21:02, Info                  CSI    000001f5 [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:21:02, Info                  CSI    000001f6 [SR] Beginning Verify and Repair transaction
2021-01-04 12:21:07, Info                  CSI    000001f8 [SR] Verify complete
2021-01-04 12:21:07, Info                  CSI    000001f9 [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:21:07, Info                  CSI    000001fa [SR] Beginning Verify and Repair transaction
2021-01-04 12:21:08, Info                  CSI    000001fc [SR] Verify complete
2021-01-04 12:21:09, Info                  CSI    000001fd [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:21:09, Info                  CSI    000001fe [SR] Beginning Verify and Repair transaction
2021-01-04 12:21:09, Info                  CSI    00000200 [SR] Verify complete
2021-01-04 12:21:10, Info                  CSI    00000201 [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:21:10, Info                  CSI    00000202 [SR] Beginning Verify and Repair transaction
2021-01-04 12:21:20, Info                  CSI    0000020a [SR] Verify complete
2021-01-04 12:21:20, Info                  CSI    0000020b [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:21:20, Info                  CSI    0000020c [SR] Beginning Verify and Repair transaction
2021-01-04 12:21:26, Info                  CSI    0000020e [SR] Verify complete
2021-01-04 12:21:26, Info                  CSI    0000020f [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:21:26, Info                  CSI    00000210 [SR] Beginning Verify and Repair transaction
2021-01-04 12:21:37, Info                  CSI    00000212 [SR] Verify complete
2021-01-04 12:21:38, Info                  CSI    00000213 [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:21:38, Info                  CSI    00000214 [SR] Beginning Verify and Repair transaction
2021-01-04 12:21:42, Info                  CSI    00000216 [SR] Verify complete
2021-01-04 12:21:43, Info                  CSI    00000217 [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:21:43, Info                  CSI    00000218 [SR] Beginning Verify and Repair transaction
2021-01-04 12:22:01, Info                  CSI    0000021a [SR] Verify complete
2021-01-04 12:22:07, Info                  CSI    0000021b [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:22:07, Info                  CSI    0000021c [SR] Beginning Verify and Repair transaction
2021-01-04 12:22:28, Info                  CSI    0000021f [SR] Verify complete
2021-01-04 12:22:29, Info                  CSI    00000220 [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:22:29, Info                  CSI    00000221 [SR] Beginning Verify and Repair transaction
2021-01-04 12:22:47, Info                  CSI    00000223 [SR] Verify complete
2021-01-04 12:22:47, Info                  CSI    00000224 [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:22:47, Info                  CSI    00000225 [SR] Beginning Verify and Repair transaction
2021-01-04 12:22:50, Info                  CSI    00000227 [SR] Verify complete
2021-01-04 12:22:51, Info                  CSI    00000228 [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:22:51, Info                  CSI    00000229 [SR] Beginning Verify and Repair transaction
2021-01-04 12:23:01, Info                  CSI    0000022e [SR] Verify complete
2021-01-04 12:23:02, Info                  CSI    0000022f [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:23:02, Info                  CSI    00000230 [SR] Beginning Verify and Repair transaction
2021-01-04 12:23:17, Info                  CSI    00000233 [SR] Verify complete
2021-01-04 12:23:18, Info                  CSI    00000234 [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:23:18, Info                  CSI    00000235 [SR] Beginning Verify and Repair transaction
2021-01-04 12:23:27, Info                  CSI    00000239 [SR] Verify complete
2021-01-04 12:23:27, Info                  CSI    0000023a [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:23:27, Info                  CSI    0000023b [SR] Beginning Verify and Repair transaction
2021-01-04 12:23:38, Info                  CSI    00000246 [SR] Verify complete
2021-01-04 12:23:39, Info                  CSI    00000247 [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:23:39, Info                  CSI    00000248 [SR] Beginning Verify and Repair transaction
2021-01-04 12:23:48, Info                  CSI    0000024f [SR] Verify complete
2021-01-04 12:23:49, Info                  CSI    00000250 [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:23:49, Info                  CSI    00000251 [SR] Beginning Verify and Repair transaction
2021-01-04 12:23:57, Info                  CSI    00000253 [SR] Verify complete
2021-01-04 12:23:58, Info                  CSI    00000254 [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:23:58, Info                  CSI    00000255 [SR] Beginning Verify and Repair transaction
2021-01-04 12:24:03, Info                  CSI    00000259 [SR] Verify complete
2021-01-04 12:24:04, Info                  CSI    0000025a [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:24:04, Info                  CSI    0000025b [SR] Beginning Verify and Repair transaction
2021-01-04 12:24:10, Info                  CSI    0000025d [SR] Verify complete
2021-01-04 12:24:11, Info                  CSI    0000025e [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:24:11, Info                  CSI    0000025f [SR] Beginning Verify and Repair transaction
2021-01-04 12:24:17, Info                  CSI    00000284 [SR] Verify complete
2021-01-04 12:24:18, Info                  CSI    00000285 [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:24:18, Info                  CSI    00000286 [SR] Beginning Verify and Repair transaction
2021-01-04 12:24:25, Info                  CSI    00000288 [SR] Verify complete
2021-01-04 12:24:26, Info                  CSI    00000289 [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:24:26, Info                  CSI    0000028a [SR] Beginning Verify and Repair transaction
2021-01-04 12:24:32, Info                  CSI    0000028c [SR] Verify complete
2021-01-04 12:24:32, Info                  CSI    0000028d [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:24:32, Info                  CSI    0000028e [SR] Beginning Verify and Repair transaction
2021-01-04 12:24:39, Info                  CSI    00000290 [SR] Verify complete
2021-01-04 12:24:39, Info                  CSI    00000291 [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:24:39, Info                  CSI    00000292 [SR] Beginning Verify and Repair transaction
2021-01-04 12:24:45, Info                  CSI    000002a0 [SR] Verify complete
2021-01-04 12:24:46, Info                  CSI    000002a1 [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:24:46, Info                  CSI    000002a2 [SR] Beginning Verify and Repair transaction
2021-01-04 12:24:56, Info                  CSI    000002a4 [SR] Verify complete
2021-01-04 12:24:57, Info                  CSI    000002a5 [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:24:57, Info                  CSI    000002a6 [SR] Beginning Verify and Repair transaction
2021-01-04 12:25:03, Info                  CSI    000002b4 [SR] Verify complete
2021-01-04 12:25:03, Info                  CSI    000002b5 [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:25:03, Info                  CSI    000002b6 [SR] Beginning Verify and Repair transaction
2021-01-04 12:25:07, Info                  CSI    000002b8 [SR] Verify complete
2021-01-04 12:25:09, Info                  CSI    000002b9 [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:25:09, Info                  CSI    000002ba [SR] Beginning Verify and Repair transaction
2021-01-04 12:25:14, Info                  CSI    000002bc [SR] Verify complete
2021-01-04 12:25:15, Info                  CSI    000002bd [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:25:15, Info                  CSI    000002be [SR] Beginning Verify and Repair transaction
2021-01-04 12:25:21, Info                  CSI    000002c1 [SR] Verify complete
2021-01-04 12:25:21, Info                  CSI    000002c2 [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:25:21, Info                  CSI    000002c3 [SR] Beginning Verify and Repair transaction
2021-01-04 12:25:24, Info                  CSI    000002c5 [SR] Verify complete
2021-01-04 12:25:25, Info                  CSI    000002c6 [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:25:25, Info                  CSI    000002c7 [SR] Beginning Verify and Repair transaction
2021-01-04 12:25:33, Info                  CSI    000002c9 [SR] Verify complete
2021-01-04 12:25:34, Info                  CSI    000002ca [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:25:34, Info                  CSI    000002cb [SR] Beginning Verify and Repair transaction
2021-01-04 12:25:41, Info                  CSI    000002cd [SR] Verify complete
2021-01-04 12:25:42, Info                  CSI    000002ce [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:25:42, Info                  CSI    000002cf [SR] Beginning Verify and Repair transaction
2021-01-04 12:25:49, Info                  CSI    000002d1 [SR] Verify complete
2021-01-04 12:25:50, Info                  CSI    000002d2 [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:25:50, Info                  CSI    000002d3 [SR] Beginning Verify and Repair transaction
2021-01-04 12:25:56, Info                  CSI    000002ed [SR] Verify complete
2021-01-04 12:25:57, Info                  CSI    000002ee [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:25:57, Info                  CSI    000002ef [SR] Beginning Verify and Repair transaction
2021-01-04 12:26:10, Info                  CSI    000002f1 [SR] Verify complete
2021-01-04 12:26:11, Info                  CSI    000002f2 [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:26:11, Info                  CSI    000002f3 [SR] Beginning Verify and Repair transaction
2021-01-04 12:26:17, Info                  CSI    000002f5 [SR] Verify complete
2021-01-04 12:26:17, Info                  CSI    000002f6 [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:26:17, Info                  CSI    000002f7 [SR] Beginning Verify and Repair transaction
2021-01-04 12:26:21, Info                  CSI    000002f9 [SR] Verify complete
2021-01-04 12:26:22, Info                  CSI    000002fa [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:26:22, Info                  CSI    000002fb [SR] Beginning Verify and Repair transaction
2021-01-04 12:26:27, Info                  CSI    000002ff [SR] Verify complete
2021-01-04 12:26:27, Info                  CSI    00000300 [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:26:27, Info                  CSI    00000301 [SR] Beginning Verify and Repair transaction
2021-01-04 12:26:33, Info                  CSI    00000303 [SR] Verify complete
2021-01-04 12:26:34, Info                  CSI    00000304 [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:26:34, Info                  CSI    00000305 [SR] Beginning Verify and Repair transaction
2021-01-04 12:26:40, Info                  CSI    00000307 [SR] Verify complete
2021-01-04 12:26:41, Info                  CSI    00000308 [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:26:41, Info                  CSI    00000309 [SR] Beginning Verify and Repair transaction
2021-01-04 12:26:46, Info                  CSI    0000030b [SR] Verify complete
2021-01-04 12:26:47, Info                  CSI    0000030c [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:26:47, Info                  CSI    0000030d [SR] Beginning Verify and Repair transaction
2021-01-04 12:26:53, Info                  CSI    00000310 [SR] Verify complete
2021-01-04 12:26:53, Info                  CSI    00000311 [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:26:53, Info                  CSI    00000312 [SR] Beginning Verify and Repair transaction
2021-01-04 12:26:58, Info                  CSI    00000314 [SR] Verify complete
2021-01-04 12:26:59, Info                  CSI    00000315 [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:26:59, Info                  CSI    00000316 [SR] Beginning Verify and Repair transaction
2021-01-04 12:27:05, Info                  CSI    00000318 [SR] Verify complete
2021-01-04 12:27:06, Info                  CSI    00000319 [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:27:06, Info                  CSI    0000031a [SR] Beginning Verify and Repair transaction
2021-01-04 12:27:13, Info                  CSI    0000031c [SR] Verify complete
2021-01-04 12:27:13, Info                  CSI    0000031d [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:27:13, Info                  CSI    0000031e [SR] Beginning Verify and Repair transaction
2021-01-04 12:27:18, Info                  CSI    00000321 [SR] Verify complete
2021-01-04 12:27:19, Info                  CSI    00000322 [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:27:19, Info                  CSI    00000323 [SR] Beginning Verify and Repair transaction
2021-01-04 12:27:26, Info                  CSI    00000325 [SR] Verify complete
2021-01-04 12:27:27, Info                  CSI    00000326 [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:27:27, Info                  CSI    00000327 [SR] Beginning Verify and Repair transaction
2021-01-04 12:27:33, Info                  CSI    00000329 [SR] Verify complete
2021-01-04 12:27:34, Info                  CSI    0000032a [SR] Verifying 100 (0x0000000000000064) components
2021-01-04 12:27:34, Info                  CSI    0000032b [SR] Beginning Verify and Repair transaction
2021-01-04 12:27:41, Info                  CSI    0000032d [SR] Verify complete
2021-01-04 12:27:42, Info                  CSI    0000032e [SR] Verifying 54 (0x0000000000000036) components
2021-01-04 12:27:42, Info                  CSI    0000032f [SR] Beginning Verify and Repair transaction
2021-01-04 12:27:44, Info                  CSI    00000331 [SR] Verify complete
2021-01-04 12:27:44, Info                  CSI    00000332 [SR] Repairing 0 components
2021-01-04 12:27:44, Info                  CSI    00000333 [SR] Beginning Verify and Repair transaction
2021-01-04 12:27:44, Info                  CSI    00000335 [SR] Repair complete

========= End of CMD: =========


========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========


========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog 12:28:20 ====
 



#6
smittyd


Sorry, I tried to copy and paste just with the "reply to this topic" but it wouldn't allow me to paste. I tried different ways.



#7
RKinner


OK.  Not sure why it didn't work.

 

Can I see a FRST scan?  Are you still getting your redirect?



#8
smittyd


Yes, still getting it.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-12-2020
Ran by Owner (administrator) on OWNER-PC (Dell Inc. Inspiron 660) (04-01-2021 09:10:51)
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Atheros) [File not signed] C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(AVG Technologies USA, LLC -> AVG Technologies) C:\Program Files (x86)\AVG\Browser\Update\1.8.1066.0\AVGBrowserCrashHandler.exe
(AVG Technologies USA, LLC -> AVG Technologies) C:\Program Files (x86)\AVG\Browser\Update\1.8.1066.0\AVGBrowserCrashHandler64.exe
(Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\caudiofilteragent64.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\SmartAudio3.exe
(Genie9) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GenieTimeLineAgent.exe
(Intel Corporation - Mobile Wireless Group -> Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel Corporation - Mobile Wireless Group -> Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation - Mobile Wireless Group -> Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel® Upgrade Service -> Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\CSP\3.8.106.0\McCSPServiceHost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe <2>
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\MSGSDK\msgrunner.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\Platform\CommonBuild\McCBEntAndInstru.exe <5>
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe <6>
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\VSCore_20_6\mcapexe.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MQS\QcShm.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <7>
(Nero AG -> Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Safer Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Users\Owner\Documents\Anti Spyware\SUPERAntiSpyware\SASCORE64.EXE
(Surfshark Ltd. -> Surfshark) C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe <2>
(Surfshark Ltd. -> Surfshark) C:\Program Files (x86)\Surfshark\Surfshark.exe
(Surfshark Ltd. -> Surfshark) C:\Program Files (x86)\Surfshark\Surfshark.Service.exe
(Surfshark Ltd. -> Surfshark) C:\Program Files (x86)\Surfshark\Surfshark.ShadowsocksService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [564352 2011-12-14] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SA3\SACpl.exe [1628288 2011-09-08] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11406608 2011-12-19] (Intel Corporation - Mobile Wireless Group -> Intel Corporation)
HKLM\...\Run: [WSVCUUpdateHelper.exe] => C:\Program Files\Wondershare\Wondershare UniConverter\WSVCUUpdateHelper.exe [34744 2020-12-23] (Wondershare Technology Co.,Ltd -> )
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-17] (Intel Corporation -> Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation -> Intel Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer Networking Ltd. -> Safer-Networking Ltd.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133216 2017-03-23] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [638352 2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [407440 2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
HKU\S-1-5-21-2192775400-2880640462-1298197252-1000\...\Run: [Surfshark] => C:\Program Files (x86)\Surfshark\Surfshark.exe [4362704 2020-11-27] (Surfshark Ltd. -> Surfshark)
HKU\S-1-5-21-2192775400-2880640462-1298197252-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32414392 2020-12-08] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2192775400-2880640462-1298197252-1000\...\MountPoints2: {24670f47-71b5-11e3-bcac-806e6f6e6963} - D:\autoRcd.exe
HKU\S-1-5-18\...\Run: [] => [X]
HKLM\...\Print\Monitors\HP 5912 Status Monitor: C:\Windows\system32\hpinksts5912LM.dll [331664 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP Officejet Pro 8600): C:\Windows\system32\HPDiscoPM5912.dll [741480 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.88\Installer\chrmstp.exe [2020-12-03] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{48F69C39-1356-4A7B-A899-70E3539D4982}] -> C:\Program Files (x86)\AVG\Browser\Application\86.1.6937.200\Installer\chrmstp.exe [2020-11-23] (AVG Technologies USA, LLC -> AVG Technologies)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UPS Thermal Printing.lnk [2019-02-05]
ShortcutTarget: UPS Thermal Printing.lnk -> C:\Program Files (x86)\UPS\Thermal Printing\UPSISJavaStarter.exe (United Parcel Service) [File not signed]
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2019-05-03]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E313519-F2CD-4E9F-9C27-8B8DF7B05A89} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2020-12-08] (Adobe Inc. -> Adobe)
Task: {1CB800FF-C5CA-4410-AC31-5CDF123022AD} - System32\Tasks\AVGUpdateTaskMachineCore => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [201984 2020-10-26] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {1D77A071-171F-4554-94D3-D851C2AD0927} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-09-16] (Google Inc -> Google Inc.)
Task: {1FD67AC7-010B-4D16-9F09-E6EB9574DDFB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {23C624EA-F7F3-489E-96B9-E9F4A5CAA68D} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4603200 2020-08-16] (McAfee, LLC -> McAfee, LLC)
Task: {28128529-D51E-4E11-BA53-3B77456B5BA0} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [4119656 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
Task: {3723055B-0082-4A0D-8672-C903A2576968} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [3885120 2013-09-20] (Safer Networking Ltd. -> Safer-Networking Ltd.)
Task: {4EBBE1C6-1081-404A-A982-103F922B3188} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [569416 2016-02-23] (Apple Inc. -> Apple Inc.)
Task: {57B7B3A5-3EE4-4A36-9D44-55A178863607} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {6572046D-7C15-49B9-9023-7FE67C2EC48A} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-12-08] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {80186C99-1F21-4737-B40B-E9783EDBC0D3} - System32\Tasks\AVG Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe [1929816 2020-11-12] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {8AB4A04B-04E3-4720-9D27-5977A245BB0A} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1773192 2020-09-17] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {A00DD7D3-D4D4-4835-9071-FC40B439ED0D} - System32\Tasks\{25A0616E-6AFD-4655-8902-D17F2E0763DC} => C:\Windows\system32\pcalua.exe -a "C:\Users\Owner\Desktop\Backup\Users\Owner\Documents\Games\My Documents\frostwire-4.18.1.windows.exe"
Task: {BB6C6411-A7E0-43CF-8622-02D62F2E9833} - System32\Tasks\AVGUpdateTaskMachineUA => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [201984 2020-10-26] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {BE669FC4-2E88-4F73-B670-0B1B11F76A3F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
Task: {BE72AD84-3340-40CA-8174-F4F128E3A6E0} - System32\Tasks\AVG Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe [1929816 2020-11-12] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {CEA26841-0391-48F0-9456-830FCA796D09} - System32\Tasks\McAfee\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.11.630\mcdatrep.exe [1888160 2020-09-24] (McAfee, Inc. -> McAfee, LLC.)
Task: {D5326979-D4EE-422B-80DF-8989AF84DC08} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1090800 2020-08-14] (McAfee, LLC -> McAfee, LLC)
Task: {DA331BD8-52A3-4245-A098-0E5DE31D8834} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [764640 2020-06-09] (McAfee, LLC -> McAfee, LLC)
Task: {E1881029-EB60-4BC6-9CE0-3A957CA1A2EB} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [693456 2020-12-22] (Mozilla Corporation -> Mozilla Foundation)
Task: {E2ECD4C7-820A-40F7-9DF1-84660267BAD9} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.5.126\DADUpdater.exe [4000984 2020-11-04] (McAfee, LLC -> McAfee, LLC)
Task: {E7FCE166-5458-4C4F-855D-434660F78491} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [26896568 2020-12-08] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {E8C95506-73C5-4FE3-BAA7-35013A4E7F99} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [3907304 2013-09-20] (Safer Networking Ltd. -> Safer-Networking Ltd.)
Task: {F24F8409-386A-4C74-94B7-AF6AA42F8C6E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [3633312 2013-09-20] (Safer Networking Ltd. -> Safer-Networking Ltd.)
Task: {F7EB52B0-1D8F-4ACB-94AF-95919173892F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-09-16] (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => 127.0.0.1:1080
Hosts: 127.0.0.1    localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9177BD24-158B-4F5A-850A-E78230A70809}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{F6C593FC-DE1F-428A-8525-EA6E831D2CED}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF DefaultProfile: 06wnhiu5.default-1504139140416
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\06wnhiu5.default-1504139140416 [2021-01-04]
FF Homepage: Mozilla\Firefox\Profiles\06wnhiu5.default-1504139140416 -> hxxps://www.dogpile.com/
FF Extension: (AdBlocker Ultimate) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\06wnhiu5.default-1504139140416\Extensions\[email protected] [2020-12-07]
FF Extension: (NoScript) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\06wnhiu5.default-1504139140416\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2020-12-23]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\06wnhiu5.default-1504139140416\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2020-12-15]
FF Extension: (Greasemonkey) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\06wnhiu5.default-1504139140416\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2020-10-04]
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\06wnhiu5.default-1504139140416\searchplugins\bing-lavasoft-ff59.xml [2018-05-27]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSKHKLM => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Fiddler2\FiddlerHook
FF Extension: (FiddlerHook) - C:\Program Files (x86)\Fiddler2\FiddlerHook [2015-04-03] [Legacy] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2020-10-20] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> )
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll [2020-08-21] (McAfee, LLC -> )
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> )
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.8\\npsitesafety.dll [No File]
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-01] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-01] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\MSC\npMcSnFFPl.dll [2020-08-21] (McAfee, LLC -> )
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @update.avgbrowser.com/AVG Browser;version=3 -> C:\Program Files (x86)\AVG\Browser\Update\1.8.1066.0\npAvgBrowserUpdate3.dll [2020-10-26] (AVG Technologies USA, LLC -> AVG Technologies)
FF Plugin-x32: @update.avgbrowser.com/AVG Browser;version=9 -> C:\Program Files (x86)\AVG\Browser\Update\1.8.1066.0\npAvgBrowserUpdate3.dll [2020-10-26] (AVG Technologies USA, LLC -> AVG Technologies)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2192775400-2880640462-1298197252-1000: tdameritrade.com/thinkorswim -> C:\Program Files\thinkorswim\npthinkorswim.dll [2021-01-02] (TD Ameritrade -> TD Ameritrade)
FF Plugin HKU\S-1-5-21-2192775400-2880640462-1298197252-1000: tdameritrade.com/tossc -> C:\Program Files\thinkorswim\nptossc.dll [2021-01-02] (TD Ameritrade -> TD Ameritrade)

Chrome:
=======
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2021-01-03]
CHR HomePage: Default -> hxxp://www.google.com
CHR Extension: (Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-24]
CHR Extension: (Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-24]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-24]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-16]
CHR Extension: (Adobe Acrobat) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-12-16]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2020-12-30]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-12-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-21]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-07]
CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-30]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [ggkfikfcbnpfoicfjammigpnakpogebh] - <no Path/update_url>

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Users\Owner\Documents\Anti Spyware\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-04-27] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
S2 Avg; C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [201984 2020-10-26] (AVG Technologies USA, LLC -> AVG Technologies)
S3 avgm; C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [201984 2020-10-26] (AVG Technologies USA, LLC -> AVG Technologies)
S3 AVGSecureBrowserElevationService; C:\Program Files (x86)\AVG\Browser\Application\86.1.6937.200\elevation_service.exe [1136952 2020-11-12] (AVG Technologies USA, LLC -> AVG Technologies)
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1508656 2018-05-31] (McAfee, Inc. -> McAfee, Inc.)
S2 GenieTimelineService; C:\Program Files\NETGEAR\ReadySHARE Vault\GenieTimelineService.exe [671744 2016-12-18] (Genie9) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2020-12-29] (Malwarebytes Inc -> Malwarebytes)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [958216 2020-12-17] (McAfee, LLC -> McAfee, LLC)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_20_6\McApExe.exe [768256 2020-09-11] (McAfee, LLC -> McAfee, LLC)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\3.8.106.0\\McCSPServiceHost.exe [2726312 2020-08-13] (McAfee, LLC -> McAfee, LLC)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [644200 2020-06-02] (McAfee, Inc. -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [644200 2020-06-02] (McAfee, Inc. -> McAfee, LLC)
R3 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [644200 2020-06-02] (McAfee, Inc. -> McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1745400 2020-08-14] (McAfee, LLC -> McAfee, LLC)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [4221040 2020-07-29] (McAfee, LLC -> McAfee, LLC)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer Networking Ltd. -> Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer Networking Ltd. -> Safer-Networking Ltd.)
R2 Surfshark Service; C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe [436688 2020-06-15] (Surfshark Ltd. -> Surfshark)
R2 Surfshark Shadowsocks Service; C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe [436688 2020-06-15] (Surfshark Ltd. -> Surfshark)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Windows -> Microsoft Corporation)
S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.233\WsAppService.exe [493792 2017-12-19] (Wondershare Technology Co.,Ltd -> Wondershare)
S3 WsDrvInst; C:\Program Files\Wondershare\Wondershare UniConverter\Transfer\DriverInstall.exe [112560 2020-12-23] (Wondershare Technology Co.,Ltd -> Wondershare)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [73728 2011-11-29] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [150440 2015-12-28] (SlySoft, Inc. -> SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [150440 2015-12-28] (SlySoft, Inc. -> SlySoft, Inc.)
R3 athr; C:\Windows\System32\DRIVERS\athrx.sys [2796544 2011-11-22] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2014-01-08] (AVG Technologies -> AVG Technologies)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [75704 2020-06-09] (McAfee, Inc. -> McAfee, LLC)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2020-12-29] (Malwarebytes Corporation -> Malwarebytes)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [218960 2020-05-25] (McAfee, LLC -> McAfee, Inc.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [220160 2020-12-29] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [197792 2020-12-29] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [77496 2020-12-29] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-12-29] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [127088 2020-12-29] (Malwarebytes Inc -> Malwarebytes)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [529848 2020-06-09] (McAfee, Inc. -> McAfee, LLC)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [382392 2020-06-09] (McAfee, Inc. -> McAfee, LLC)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [521656 2020-06-09] (McAfee, Inc. -> McAfee, LLC)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [1006008 2020-06-09] (McAfee, Inc. -> McAfee, LLC)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [595896 2020-06-07] (McAfee, Inc. -> McAfee LLC.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [107960 2020-06-07] (McAfee, Inc. -> McAfee LLC.)
R3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [116664 2020-06-09] (McAfee, Inc. -> McAfee, LLC)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [252344 2020-06-09] (McAfee, Inc. -> McAfee, LLC)
S3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [11264 2009-07-24] (Microsoft Windows Hardware Compatibility Publisher -> Primax Ltd)
S3 nusb3hub; C:\Windows\system32\drivers\nusb3hub.sys [80384 2010-09-30] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
S3 nusb3xhc; C:\Windows\system32\drivers\nusb3xhc.sys [180736 2010-09-30] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security S.L. -> Panda Security, S.L.)
R1 SASDIFSV; C:\Users\Owner\Documents\Anti Spyware\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Users\Owner\Documents\Anti Spyware\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SurfsharkSplitTunnelDriver; C:\Program Files (x86)\Surfshark\Resources\x64\SurfsharkSplitTunnelCalloutDriver.sys [39648 2020-06-15] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 tapsurfshark; C:\Windows\System32\DRIVERS\tapsurfshark.sys [36544 2020-06-15] (Surfshark Ltd. -> The OpenVPN Project)
R3 wintunshark; C:\Windows\System32\DRIVERS\wintunshark.sys [28936 2020-09-17] (Surfshark Ltd. -> Surfshark Ltd)
R3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [31080 2013-03-25] (Wondershare Software Co., Ltd.  -> Wondershare)
U2 TMAgent; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-04 09:10 - 2021-01-04 09:12 - 000031874 _____ C:\Users\Owner\Desktop\FRST.txt
2021-01-04 09:10 - 2021-01-04 09:11 - 000000000 ____D C:\FRST
2021-01-04 09:09 - 2021-01-04 09:09 - 002286592 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2021-01-03 20:24 - 2021-01-03 20:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2020-12-30 05:36 - 2020-12-30 05:36 - 000000977 _____ C:\Users\Owner\Desktop\Eusing Cleaner.lnk
2020-12-30 05:36 - 2020-12-30 05:36 - 000000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eusing Cleaner
2020-12-30 05:36 - 2020-12-30 05:36 - 000000000 ____D C:\Users\Owner\AppData\Roaming\Eusing
2020-12-30 05:36 - 2020-12-30 05:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eusing Cleaner
2020-12-30 05:36 - 2020-12-30 05:36 - 000000000 ____D C:\Program Files (x86)\Eusing Cleaner
2020-12-29 13:37 - 2020-12-29 13:37 - 000077496 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2020-12-29 13:36 - 2020-12-29 13:36 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-12-29 13:36 - 2020-12-29 13:36 - 000220160 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2020-12-29 13:36 - 2020-12-29 13:36 - 000197792 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2020-12-29 13:36 - 2020-12-29 13:36 - 000127088 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2020-12-29 13:36 - 2020-12-29 13:36 - 000001960 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-12-29 13:36 - 2020-12-29 13:36 - 000001948 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-12-29 13:36 - 2020-12-29 13:36 - 000001948 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-12-29 13:36 - 2020-12-29 13:36 - 000000000 ____D C:\Users\Owner\AppData\Local\mbam
2020-12-29 13:36 - 2020-12-29 13:35 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2020-12-28 08:08 - 2020-12-28 08:08 - 000001081 _____ C:\Users\Public\Desktop\Wondershare UniConverter.lnk
2020-12-28 08:08 - 2020-12-28 08:08 - 000001081 _____ C:\ProgramData\Desktop\Wondershare UniConverter.lnk
2020-12-24 13:11 - 2020-12-24 15:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2020-12-22 13:26 - 2020-12-22 13:26 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2020-12-22 13:17 - 2020-12-28 22:54 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2020-12-20 05:43 - 2020-12-20 05:43 - 000401024 _____ C:\Users\Owner\Desktop\WeeklyPaycheckStrategyGuide2019.pdf
2020-12-07 14:27 - 2020-12-28 22:56 - 000000000 ____D C:\ProgramData\McInstTemp0285051607372829

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-04 08:57 - 2009-07-13 22:45 - 000028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-01-04 08:57 - 2009-07-13 22:45 - 000028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-01-04 08:50 - 2014-01-01 17:04 - 000000000 ____D C:\ProgramData\Mozilla
2021-01-04 08:49 - 2016-11-17 17:55 - 000000000 ____D C:\Users\Owner\AppData\LocalLow\Mozilla
2021-01-03 22:56 - 2020-10-17 11:43 - 000000000 ____D C:\Program Files\CCleaner
2021-01-03 22:30 - 2014-01-03 15:25 - 000000000 ____D C:\Users\Owner\AppData\Roaming\uTorrent
2021-01-03 20:24 - 2019-03-27 12:18 - 000000000 ____D C:\Users\Owner\AppData\Local\BitTorrentHelper
2021-01-03 16:12 - 2018-02-04 14:49 - 000000000 ____D C:\Windows\system32\Tasks\McAfee
2021-01-02 19:10 - 2009-07-13 23:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2021-01-02 19:10 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\inf
2021-01-02 16:19 - 2020-06-28 15:53 - 000000000 ____D C:\Users\Owner\.thinkorswim
2021-01-02 16:19 - 2020-06-28 15:53 - 000000000 ____D C:\Program Files\thinkorswim
2020-12-29 13:36 - 2014-02-09 06:13 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-12-29 13:34 - 2017-10-23 17:37 - 000000000 ____D C:\Program Files\Malwarebytes
2020-12-29 13:33 - 2014-01-01 18:48 - 000000000 ____D C:\Users\Owner\Documents\Anti Spyware
2020-12-28 22:57 - 2015-08-22 09:35 - 000000000 __SHD C:\Users\Owner\IntelGraphicsProfiles
2020-12-28 22:56 - 2020-10-17 11:43 - 000003870 _____ C:\Windows\system32\Tasks\CCleaner Update
2020-12-28 22:55 - 2009-07-13 23:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-12-28 22:54 - 2014-01-01 17:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-12-28 22:51 - 2014-02-15 18:33 - 000000000 ____D C:\AdwCleaner
2020-12-28 08:08 - 2014-02-03 23:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2020-12-23 15:43 - 2016-08-04 11:21 - 000000000 ____D C:\Users\Owner\Documents\Chessmaster 9000
2020-12-14 22:15 - 2014-02-22 07:31 - 000000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
2020-12-11 20:43 - 2015-11-15 19:59 - 000002059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-12-08 19:15 - 2018-03-13 14:07 - 000004462 _____ C:\Windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
2020-12-08 19:15 - 2014-01-05 15:11 - 000004312 _____ C:\Windows\system32\Tasks\Adobe Flash Player Updater
2020-12-08 19:15 - 2014-01-02 09:39 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2020-12-08 19:15 - 2014-01-02 09:39 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2020-12-08 19:15 - 2014-01-02 09:39 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2020-12-08 19:15 - 2014-01-02 09:39 - 000000000 ____D C:\Windows\system32\Macromed
2020-12-06 17:10 - 2020-09-05 16:00 - 000000000 ____D C:\ProgramData\Surfshark
2020-12-06 17:10 - 2020-09-05 15:56 - 000000000 ____D C:\Program Files (x86)\Surfshark
2020-12-05 22:58 - 2020-09-05 15:49 - 000000000 ____D C:\Users\Owner\AppData\Roaming\Surfshark
2020-12-05 00:01 - 2014-02-12 14:15 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2

==================== Files in the root of some directories ========

2014-01-08 17:00 - 2014-02-05 22:46 - 000003744 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2014-01-05 15:01 - 2014-12-18 21:29 - 000000203 _____ () C:\Users\Owner\AppData\Roaming\default.rss
2015-11-15 17:20 - 2015-11-15 19:04 - 000000115 _____ () C:\Users\Owner\AppData\Roaming\LogFile.txt

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2021-01-03 18:52
==================== End of FRST.txt ========================


  • 0

#9
RKinner

    Malware Expert

  • Expert
  • 24,623 posts
  • MVP

The proxy stuff came back so that's no surprise.

 

Let's see if we can figure out what program is running the proxy:

 

Get tcpview.  https://live.sysinte...com/Tcpview.exe Download, Save and then run it by right clicking and Run As Admin.

Then File, Save As (to your desktop), tcp, OK.  This should create a file tcp.txt on your desktop.  Attach or copy and paste it to a reply.

 


  • 0
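Once the TCPView export exists, the row that matters is whichever process owns the port named in FRST's `ProxyServer` line (`127.0.0.1:1080` in the log above). The following is an added example, not part of the original thread: it parses a saved TCPView listing in the column order shown in this thread and reports the process bound to the proxy port and the local clients connected to it. The sample rows are constructed, `example-proxy.exe` and its PID are hypothetical, and the service-name table assumes TCPView's name resolution prints port 1080 as `socks`.

```python
import re
from collections import namedtuple

Conn = namedtuple("Conn", "process pid proto local_port remote_addr remote_port state")

# With name resolution on, TCPView prints service names instead of numbers
# (the thread's listing shows "https", "wsd", "icslap"). Assumed mapping.
SERVICE_PORTS = {"socks": 1080, "http": 80, "https": 443}
LOOPBACK = {"localhost", "127.0.0.1"}


def proxy_endpoint(frst_line):
    """Extract (host, port) from an FRST 'ProxyServer: [...] => host:port' line."""
    m = re.search(r"ProxyServer:\s*\[[^\]]*\]\s*=>\s*(\S+):(\d+)\s*$", frst_line)
    if not m:
        raise ValueError("not a ProxyServer line")
    return m.group(1), int(m.group(2))


def to_port(field):
    """Return a numeric port, or None for '*' and unknown service names."""
    if field.isdigit():
        return int(field)
    return SERVICE_PORTS.get(field.lower())


def parse_tcpview(text):
    """Parse rows of: process, PID, protocol, local addr, local port,
    remote addr, remote port, state. Columns are split on tabs or runs of
    spaces so '[System Process]' stays one field; extra trailing counters
    are ignored; UDP rows have no state column."""
    conns = []
    for line in text.splitlines():
        f = re.split(r"\t+| {2,}", line.strip())
        if len(f) < 7 or not f[1].isdigit():
            continue
        state = f[7] if len(f) > 7 else ""
        conns.append(Conn(f[0], int(f[1]), f[2], to_port(f[4]),
                          f[5].lower(), to_port(f[6]), state))
    return conns


def find_proxy_owner(conns, port):
    """Owners hold the proxy port locally; clients connect to it over loopback."""
    owners, clients = set(), set()
    for c in conns:
        # PID 0 rows are closed sockets in TIME_WAIT, not a live process.
        if not c.proto.upper().startswith("TCP") or c.pid == 0:
            continue
        if c.local_port == port and c.state in ("LISTENING", "ESTABLISHED"):
            owners.add((c.process, c.pid))
        elif (c.remote_port == port and c.remote_addr in LOOPBACK
              and c.state == "ESTABLISHED"):
            clients.add((c.process, c.pid))
    return {"owners": sorted(owners), "clients": sorted(clients)}


# Constructed sample in the same layout as the listing pasted in the thread.
SAMPLE_TCPVIEW = "\n".join([
    "[System Process]    0    TCP    owner-pc    55995    203.0.113.10    https    TIME_WAIT",
    "example-proxy.exe\t4321\tTCP\tOwner-PC\tsocks\tOwner-PC\t0\tLISTENING",
    "firefox.exe    1520    TCP    Owner-PC    54938    localhost    54939    ESTABLISHED    33    33",
    "firefox.exe    1520    TCP    Owner-PC    56101    localhost    socks    ESTABLISHED",
    "example-proxy.exe\t4321\tTCP\tOwner-PC\tsocks\tlocalhost\t56101\tESTABLISHED",
    "svchost.exe\t1100\tUDP\tOwner-PC\t5355\t*\t*",
])

if __name__ == "__main__":
    host, port = proxy_endpoint("ProxyServer: [.DEFAULT] => 127.0.0.1:1080")
    report = find_proxy_owner(parse_tcpview(SAMPLE_TCPVIEW), port)
    print(f"proxy {host}:{port} owners={report['owners']} clients={report['clients']}")
```

An empty `owners` list means nothing was bound to the port when the snapshot was taken, so the proxy setting would be pointing at a dead endpoint.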

#10
smittyd

    Member

  • Topic Starter
  • Member
  • 148 posts

[System Process]    0    TCP    owner-pc    icslap    192.168.1.1    59633    TIME_WAIT                                        
[System Process]    0    TCP    Owner-PC    wsd    localhost    56011    TIME_WAIT                                        
[System Process]    0    TCP    Owner-PC    wsd    localhost    56021    TIME_WAIT                                        
[System Process]    0    TCP    Owner-PC    wsd    localhost    56036    TIME_WAIT                                        
[System Process]    0    TCP    owner-pc    55985    server-13-226-201-34.dfw55.r.cloudfront.net    https    TIME_WAIT                                        
[System Process]    0    TCP    owner-pc    55988    192.168.1.1    1990    TIME_WAIT                                        
[System Process]    0    TCP    owner-pc    55995    172.67.17.41    https    TIME_WAIT                                        
[System Process]    0    TCP    owner-pc    56013    192.168.1.6    9197    TIME_WAIT                                        
[System Process]    0    TCP    owner-pc    56043    192.168.1.6    9197    TIME_WAIT                                        
[System Process]    0    TCP    owner-pc    56057    54.148.195.155    https    TIME_WAIT                                        
[System Process]    0    TCPV6    [0:0:0:0:0:0:0:1]    icslap    [0:0:0:0:0:0:0:1]    56002    TIME_WAIT                                        
[System Process]    0    TCP    Owner-PC    wsd    localhost    56083    TIME_WAIT                                        
[System Process]    0    TCP    owner-pc    55974    104.20.107.83    https    TIME_WAIT                                        
[System Process]    0    TCP    owner-pc    55977    172.67.17.41    https    TIME_WAIT                                        
firefox.exe    1520    TCP    Owner-PC    54938    localhost    54939    ESTABLISHED            33    33                        
firefox.exe    1520    TCP    Owner-PC    54939    localhost    54938    ESTABLISHED    33    33                                
firefox.exe    6268    TCP    Owner-PC    54940    localhost    54941    ESTABLISHED                                        
firefox.exe    6268    TCP    Owner-PC    54941    localhost    54940    ESTABLISHED                                        
firefox.exe    11636    TCP    Owner-PC    54955    localhost    54956    ESTABLISHED                                        
firefox.exe    11636    TCP    Owner-PC    54956    localhost    54955    ESTABLISHED                                        
firefox.exe    9164    TCP    Owner-PC    54960    localhost    54961    ESTABLISHED                                        
firefox.exe    9164    TCP    Owner-PC    54961    localhost    54960    ESTABLISHED                                        
firefox.exe    3212    TCP    Owner-PC    55797    localhost    55798    ESTABLISHED                                        
firefox.exe    3212    TCP    Owner-PC    55798    localhost    55797    ESTABLISHED                                        
firefox.exe    1520    TCP    owner-pc    56000    ec2-35-165-114-190.us-west-2.compute.amazonaws.com    https    ESTABLISHED                                        
firefox.exe    1520    TCP    owner-pc    56018    82.221.107.34.bc.googleusercontent.com    http    ESTABLISHED    1    302    1    220                        
firefox.exe    1520    TCP    owner-pc    56019    82.221.107.34.bc.googleusercontent.com    http    ESTABLISHED    1    297    1    220                        
Jhi_service.exe    1512    TCP    Owner-PC    49156    Owner-PC    0    LISTENING                                        
LMS.exe    11812    TCP    Owner-PC    623    Owner-PC    0    LISTENING                                        
LMS.exe    11812    TCP    Owner-PC    16992    Owner-PC    0    LISTENING                                        
LMS.exe    11812    TCPV6    [0:0:0:0:0:0:0:0]    623    [0:0:0:0:0:0:0:0]    0    LISTENING                                        
LMS.exe    11812    TCPV6    [0:0:0:0:0:0:0:0]    16992    [0:0:0:0:0:0:0:0]    0    LISTENING                                        
LMS.exe    11812    TCPV6    [0:0:0:0:0:0:0:1]    55996    [0:0:0:0:0:0:0:1]    55998    ESTABLISHED                                        
LMS.exe    11812    TCPV6    [0:0:0:0:0:0:0:1]    55998    [0:0:0:0:0:0:0:1]    55996    ESTABLISHED                                        
lsass.exe    808    TCP    Owner-PC    49155    Owner-PC    0    LISTENING                                        
lsass.exe    808    TCPV6    [0:0:0:0:0:0:0:0]    49155    [0:0:0:0:0:0:0:0]    0    LISTENING                                        
MBAMService.exe    4512    TCP    Owner-PC    43227    Owner-PC    0    LISTENING                                        
MMSSHOST.exe    2828    TCP    Owner-PC    6646    Owner-PC    0    LISTENING                                        
MMSSHOST.exe    2828    TCP    Owner-PC    53611    Owner-PC    0    LISTENING                                        
MMSSHOST.exe    2828    TCP    Owner-PC    53614    Owner-PC    0    LISTENING                                        
MMSSHOST.exe    2828    TCP    Owner-PC    53629    Owner-PC    0    LISTENING                                        
MMSSHOST.exe    2828    UDP    Owner-PC    6646    *    *                                            
ModuleCoreService.exe    2968    TCP    owner-pc    56041    104.208.16.0    https    ESTABLISHED                                        
SDTray.exe    10812    TCP    Owner-PC    56096    localhost    21322    SYN_SENT                                        
services.exe    756    TCP    Owner-PC    49166    Owner-PC    0    LISTENING                                        
services.exe    756    TCPV6    [0:0:0:0:0:0:0:0]    49166    [0:0:0:0:0:0:0:0]    0    LISTENING                                        
spoolsv.exe    1416    TCP    Owner-PC    49157    Owner-PC    0    LISTENING                                        
spoolsv.exe    1416    TCPV6    [0:0:0:0:0:0:0:0]    49157    [0:0:0:0:0:0:0:0]    0    LISTENING                                        
Surfshark.exe    10584    TCP    owner-pc    55969    104.28.0.242    https    FIN_WAIT1                                        
Surfshark.exe    10584    TCP    owner-pc    55975    172.67.161.102    https    ESTABLISHED    4    2,042    8    1,386                        
Surfshark.exe    10584    TCP    owner-pc    55991    104.28.1.242    https    ESTABLISHED                                        
Surfshark.exe    10584    TCP    owner-pc    56093    104.28.0.242    https    ESTABLISHED    3    1,127    6    748                        
svchost.exe    992    TCP    Owner-PC    epmap    Owner-PC    0    LISTENING                                        
svchost.exe    540    TCP    Owner-PC    49153    Owner-PC    0    LISTENING                                        
svchost.exe    616    TCP    Owner-PC    49154    Owner-PC    0    LISTENING                                        
svchost.exe    540    UDP    Owner-PC    bootpc    *    *        7    2,100    1    548                        
svchost.exe    616    UDP    Owner-PC    isakmp    *    *        1    528    1    308                        
svchost.exe    11096    UDP    Owner-PC    ssdp    *    *        3    1,176    28    3,136                        
svchost.exe    11096    UDP    owner-pc    ssdp    *    *                                            
svchost.exe    640    UDP    Owner-PC    ws-discovery    *    *                8    4,992                        
svchost.exe    640    UDP    Owner-PC    ws-discovery    *    *                                            
svchost.exe    11096    UDP    Owner-PC    ws-discovery    *    *        2    2,452    4    2,496                        
svchost.exe    11096    UDP    Owner-PC    ws-discovery    *    *                                            
svchost.exe    616    UDP    Owner-PC    ipsec-msft    *    *        4    1,632    1    2,936                        
svchost.exe    1156    UDP    Owner-PC    llmnr    *    *                32    804                        
svchost.exe    11096    UDP    Owner-PC    54308    *    *                                            
svchost.exe    640    UDP    Owner-PC    58147    *    *        4    2,496    2    2,452                        
svchost.exe    11096    UDP    owner-pc    63506    *    *        9    1,077    27    8,169                        
svchost.exe    11096    UDP    Owner-PC    63507    *    *        9    1,077    3    1,176                        
svchost.exe    992    TCPV6    [0:0:0:0:0:0:0:0]    epmap    [0:0:0:0:0:0:0:0]    0    LISTENING                                        
svchost.exe    540    TCPV6    [0:0:0:0:0:0:0:0]    49153    [0:0:0:0:0:0:0:0]    0    LISTENING                                        
svchost.exe    616    TCPV6    [0:0:0:0:0:0:0:0]    49154    [0:0:0:0:0:0:0:0]    0    LISTENING                                        
svchost.exe    616    UDPV6    [0:0:0:0:0:0:0:0]    500    *    *                                            
svchost.exe    540    UDPV6    [fe80:0:0:0:e0:0:0:0]    546    *    *                                            
svchost.exe    540    UDPV6    [fe80:0:0:0:2dd6:4d59:d518:c1d6]    546    *    *                                            
svchost.exe    11096    UDPV6    [0:0:0:0:0:0:0:1]    1900    *    *                                            
svchost.exe    11096    UDPV6    [fe80:0:0:0:2dd6:4d59:d518:c1d6]    1900    *    *                                            
svchost.exe    11096    UDPV6    [0:0:0:0:0:0:0:0]    3702    *    *                                            
svchost.exe    11096    UDPV6    [0:0:0:0:0:0:0:0]    3702    *    *                                            
svchost.exe    640    UDPV6    [0:0:0:0:0:0:0:0]    3702    *    *                                            
svchost.exe    640    UDPV6    [0:0:0:0:0:0:0:0]    3702    *    *                                            
svchost.exe    616    UDPV6    [0:0:0:0:0:0:0:0]    4500    *    *                                            
svchost.exe    1156    UDPV6    [0:0:0:0:0:0:0:0]    5355    *    *                                            
svchost.exe    11096    UDPV6    [0:0:0:0:0:0:0:0]    54309    *    *                                            
svchost.exe    640    UDPV6    [0:0:0:0:0:0:0:0]    58148    *    *                                            
svchost.exe    11096    UDPV6    [fe80:0:0:0:2dd6:4d59:d518:c1d6]    63504    *    *                                            
svchost.exe    11096    UDPV6    [0:0:0:0:0:0:0:1]    63505    *    *                6    2,328                        
svchost.exe    640    TCPV6    [0:0:0:0:0:0:0:1]    56080    [0:0:0:0:0:0:0:1]    icslap    ESTABLISHED    1    229    2    6,011                        
svchost.exe    1156    TCP    Owner-PC    56097    localhost    1080    SYN_SENT                                        
System    4    TCP    owner-pc    netbios-ssn    Owner-PC    0    LISTENING                                        
System    4    TCP    Owner-PC    microsoft-ds    Owner-PC    0    LISTENING                                        
System    4    TCP    Owner-PC    icslap    Owner-PC    0    LISTENING                                        
System    4    TCP    Owner-PC    wsd    Owner-PC    0    LISTENING                                        
System    4    TCP    Owner-PC    10243    Owner-PC    0    LISTENING                                        
System    4    UDP    owner-pc    netbios-ns    *    *        83    4,150    59    2,950    50    50    1    1        
System    4    UDP    owner-pc    netbios-dgm    *    *        3    566    3    566                        
System    4    TCPV6    [0:0:0:0:0:0:0:0]    microsoft-ds    [0:0:0:0:0:0:0:0]    0    LISTENING                                        
System    4    TCPV6    [0:0:0:0:0:0:0:0]    icslap    [0:0:0:0:0:0:0:0]    0    LISTENING                                        
System    4    TCPV6    [0:0:0:0:0:0:0:1]    icslap    [0:0:0:0:0:0:0:1]    56009    ESTABLISHED                                        
System    4    TCPV6    [0:0:0:0:0:0:0:0]    wsd    [0:0:0:0:0:0:0:0]    0    LISTENING                                        
System    4    TCPV6    [0:0:0:0:0:0:0:0]    10243    [0:0:0:0:0:0:0:0]    0    LISTENING                                        
System    4    TCPV6    [0:0:0:0:0:0:0:1]    icslap    [0:0:0:0:0:0:0:1]    56080    ESTABLISHED    2    6,011    1    229                        
UNS.exe    6228    TCP    Owner-PC    49289    Owner-PC    0    LISTENING                                        
wininit.exe    680    TCP    Owner-PC    49152    Owner-PC    0    LISTENING                                        
wininit.exe    680    TCPV6    [0:0:0:0:0:0:0:0]    49152    [0:0:0:0:0:0:0:0]    0    LISTENING                                        
wmpnetwk.exe    11112    TCP    Owner-PC    rtsp    Owner-PC    0    LISTENING                                        
wmpnetwk.exe    11112    UDP    Owner-PC    5004    *    *                                            
wmpnetwk.exe    11112    UDP    Owner-PC    5005    *    *                                            
wmpnetwk.exe    11112    TCPV6    [0:0:0:0:0:0:0:0]    rtsp    [0:0:0:0:0:0:0:0]    0    LISTENING                                        
wmpnetwk.exe    11112    TCPV6    [0:0:0:0:0:0:0:1]    56009    [0:0:0:0:0:0:0:1]    icslap    ESTABLISHED                                        
wmpnetwk.exe    11112    UDPV6    [0:0:0:0:0:0:0:0]    5004    *    *                                            
wmpnetwk.exe    11112    UDPV6    [0:0:0:0:0:0:0:0]    5005    *    *                                            

 


  • 0



#11
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,623 posts
  • MVP

Unfortunately I don't see a process listening on port 1080 but I found another very similar case where the proxy WAS caused by Surfshark so I'm probably barking up the wrong tree.  

 

Does this redirect happen with any other browser?

 

If it is just Firefox try running Firefox in its Safe Mode with all extensions disabled:

 

https://support.mozi...using-safe-mode

or

https://www.top-pass...x-in-safe-mode/

 

If that helps then one of your extensions is bad.  Turn on about 1/2 of them and try again.  See if you can figure out which one is causing the redirect.

 

If that doesn't help then try MBAR:

 

https://www.malwareb...om/antirootkit/

 

See if it finds anything.


  • 0
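The check described in the post above (looking through the TCPView export for a process listening on port 1080), as an added example that is not part of the thread. The function names `parse_tcpview` and `check_local_port` are hypothetical, and the sample rows are copied from the log posted in this thread.

```python
import re
from collections import namedtuple

Conn = namedtuple(
    "Conn", "process pid proto local_addr local_port remote_addr remote_port state")

LOOPBACK = {"localhost", "127.0.0.1", "[0:0:0:0:0:0:0:1]"}

# Rows copied from the TCPView export posted in this thread.
SAMPLE = """\
[System Process]    0    TCP    Owner-PC    wsd    localhost    56011    TIME_WAIT
firefox.exe    1520    TCP    Owner-PC    54938    localhost    54939    ESTABLISHED            33    33
LMS.exe    11812    TCP    Owner-PC    16992    Owner-PC    0    LISTENING
SDTray.exe    10812    TCP    Owner-PC    56096    localhost    21322    SYN_SENT
svchost.exe    1156    UDP    Owner-PC    llmnr    *    *                32    804
svchost.exe    1156    TCP    Owner-PC    56097    localhost    1080    SYN_SENT
"""

def parse_tcpview(text):
    """Parse TCPView 'Save As' text; columns are split by tabs or runs of spaces."""
    rows = []
    for line in text.splitlines():
        f = re.split(r"\s{2,}|\t", line.strip())
        if len(f) < 7 or not f[1].isdigit():
            continue  # blank line or something that is not a connection row
        # Only TCP rows carry a state; on UDP rows field 8 is a traffic counter.
        state = f[7] if f[2].upper().startswith("TCP") and len(f) > 7 else ""
        rows.append(Conn(f[0], int(f[1]), f[2], f[3], f[4], f[5], f[6], state))
    return rows

def check_local_port(rows, port):
    """Who listens on a local port, and who tries to reach it over loopback?"""
    port = str(port)
    listeners = [r for r in rows
                 if r.state == "LISTENING" and r.local_port == port]
    clients = [r for r in rows
               if r.proto.upper().startswith("TCP") and r.remote_port == port
               and r.remote_addr.lower() in LOOPBACK]
    # Clients but no listener: something is set to use the port, nothing serves it.
    return {"listeners": listeners, "clients": clients,
            "orphaned": bool(clients) and not listeners}

if __name__ == "__main__":
    result = check_local_port(parse_tcpview(SAMPLE), 1080)
    for r in result["clients"]:
        print(f"{r.process} (PID {r.pid}) -> {r.remote_addr}:{r.remote_port} {r.state}")
    print("listener found" if result["listeners"] else "no listener on that port")
```

TCPView prints ports that have a service name by that name (`wsd`, `icslap` in the log above), so a named port has to be searched for under its name rather than its number.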

#12
smittyd

smittyd

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 148 posts

This redirect only happens when I use Dogpile.  Which I do most of the time.  I did try MBAR but nothing showed up.  What's strange is it is only that one word "forum" that triggers the redirect. 


  • 0

#13
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,623 posts
  • MVP

OK.  I went to dogpile.com with my browser (Brave).  Typed in: forum

Got the same nonsense as you report.  Went through the captcha nonsense and had to select fire hydrants from a bunch of pictures then eventually I got to a Dogpile search page.  So the problem is with Dogpile.  Nothing on your system and nothing on mine causing it.  Nothing we can do about it.  You can try to contact them.  There is a link at the bottom of their page and also a link to their Facebook page.


  • 0

#14
smittyd

smittyd

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 148 posts

Interesting!  Well, I appreciate your time and effort.  I thought it was a little strange that this one word caused this redirection.  BTW, you said Brave when going to Dogpile.  What search engine do you suggest?


  • 0

#15
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,623 posts
  • MVP

I've just started using Brave.  Still use Firefox for some things but Brave works better on larger websites like Google News or Yahoo News.  Firefox jumps when scrolling which is really annoying.  Turned off all of the ads & Brave Reward junk and added uBlock Origin and it's quicker and less CPU intensive than Chrome.

 

I'm a big fan of Google search.  With uBlock Origin it doesn't show any sponsored ads and I've been using it for so long I know a lot of search tricks so I can usually find what I want.


  • 0





